Allison writes:
This is, clearly, good and sensible practice. I am, however, noting that http://wikimediafoundation.org/wiki/Job_openings is clearly targeted at a world-wide base of possible applicants. How would a USA-based organisation (such as the firm you have retained) be able to carry out any criminal checks for such applicants outwith the USA? In the case of the UK, and I am sure other European and World countries, such information is not freely available to others than the law enforcement organisations of those countries.
There are USA-based firms that do international criminal background checks, and the firm we have retained is one of these. We are also aware (and I for one am fairly acutely aware) of the difference in privacy regulation among the various nation-states.
Certainly an applicant from a nation-state with different privacy laws could game the background-check system to some extent, but we hope this doesn't happen too often. What we're obligated to do under state and federal law is "due diligence" with regard to background checks -- we are not obligated to be perfect (no one is), and if information is unavailable to us because of another nation's privacy laws, the critical question is not whether we get it or not, but whether we do what any reasonable company in the same or similar circumstances would do. Moreover, we are obligated under U.S. law to take pains that personnel background checks are not disclosed to unauthorized persons.
Or is it intended that only US-citizens could be accepted for any staff position with the WMF?
This must be more of that UK irony stuff I've been hearing about from Thomas. As an American, I am forbidden by international law to understand it, because I know sports better.
--Mike
On Dec 15, 2007 8:03 PM, Mike Godwin mnemonic@gmail.com wrote:
There are USA-based firms that do international criminal background checks, and the firm we have retained is one of these. We are also aware (and I for one am fairly acutely aware) of the difference in privacy regulation among the various nation-states.
What about bonding? Has that been looked into and/or implemented? I'd imagine the bonding company would run its own background check.
On Dec 16, 2007 11:39 AM, Anthony wikimail@inbox.org wrote:
On Dec 15, 2007 8:03 PM, Mike Godwin mnemonic@gmail.com wrote:
There are USA-based firms that do international criminal background checks, and the firm we have retained is one of these. We are also aware (and I for one am fairly acutely aware) of the difference in privacy regulation among the various nation-states.
What about bonding? Has that been looked into and/or implemented? I'd imagine the bonding company would run its own background check.
For bonding or background checks, we would have to pay a third party some kind of money to handle them. We're a non-profit, and we shouldn't be spending our hard-earned money (or paying our employees to spend their time on it) running background checks and setting up surety bonds on the handful of employees we have.
From what i've heard, Ms Doran came to the WMF originally though a
temp agency, and it would surprise me to learn that the temp agency didnt run a background check of their own (and if they did, why didn't they make the information known to the WMF before contracting out the work?). The lesson in this is to be careful who you hire, and maybe never use that same agency again.
--Andrew Whitworth
On Dec 16, 2007 11:48 AM, Andrew Whitworth wknight8111@gmail.com wrote:
On Dec 16, 2007 11:39 AM, Anthony wikimail@inbox.org wrote:
On Dec 15, 2007 8:03 PM, Mike Godwin mnemonic@gmail.com wrote:
There are USA-based firms that do international criminal background checks, and the firm we have retained is one of these. We are also aware (and I for one am fairly acutely aware) of the difference in privacy regulation among the various nation-states.
What about bonding? Has that been looked into and/or implemented? I'd imagine the bonding company would run its own background check.
For bonding or background checks, we would have to pay a third party some kind of money to handle them.
Obviously.
We're a non-profit, and we shouldn't be spending our hard-earned money (or paying our employees to spend their time on it) running background checks and setting up surety bonds on the handful of employees we have.
Not necessarily all the employees, but certainly the key officers. One example would be the treasurer. Doing this is quite standard for non-profits, both small and large.
From what i've heard, Ms Doran came to the WMF originally though a temp agency, and it would surprise me to learn that the temp agency didnt run a background check of their own (and if they did, why didn't they make the information known to the WMF before contracting out the work?). The lesson in this is to be careful who you hire, and maybe never use that same agency again.
That's one lesson, but it isn't the only one.
Andrew Whitworth wrote:
On Dec 16, 2007 11:39 AM, Anthony wikimail@inbox.org wrote:
What about bonding? Has that been looked into and/or implemented? I'd imagine the bonding company would run its own background check.
For bonding or background checks, we would have to pay a third party some kind of money to handle them. We're a non-profit, and we shouldn't be spending our hard-earned money (or paying our employees to spend their time on it) running background checks and setting up surety bonds on the handful of employees we have.
That comes down to a matter of cost/benefit analysis. If the overall cost of security significantly exceeds the probable costs of facing the risk then the extra security isn't worth it. There's a huge industry out there that makes a hefty profit pandering to people's fears and insecurities. Electronic retailers make a bundle from service contracts on otherwise reliable equipment. If it's a question of office personnel, what is the worst case scenario of the damage that the person could cause? Then take the fees that one would pay for bonding or other insurance scams, and put them into a segregated contingency fund until that fund. When the capital in that fund builds to the point that it can cover off the worse case scenario for every employee, use any further fee-equivalent amounts to have a big party.
When you consider the WMF's operations the biggest risks are probably not from a person in Carolyn's job running away with the piggy bank. A rogue employee with server access could do a lot more damage. Admins on a project can do a lot less damage, but we have had rogue admins in the past. Consider then the number of rogue admins as a proportion of total admins. That could give a good rough first probability of finding a rogue in any job class. One just needs to do the math.
Insuring for catastrophic events is another issue, but that kind of insurance is relatively cheap.
Ec
wikimedia-l@lists.wikimedia.org