Nathan Reed wrote:
"It is the policy of Wikimedia that
personally identifiable data
in the server logs, or through records in the
database via the CheckUser
feature, may be released by the system administrators or users with
CheckUser access, in the following situations:"
Does this mean that personally identifiable information may be released
users with CheckUser permissions? For example, is
it permissible for me
release the actual IP address of a vandal to the
general public? I'm not
sure, but this may not be a good thing.
I can understand using the information for IP blocks, but perhaps the
release of the information should not be so broad in these cases. Or,
I'm tired, have failed to comprehend the
policy completely, and have
do. We can and should, in practice, be as privacy conscious as we can
be, and so checkusers who have any doubt about to whom they should
release information, and when, and why, should check carefully with
Angela, Anthere, me, brad, other checkusers, relevant arbcoms, etc.
do it, we may choose not to do it in most cases.
To second Jimbo, part of what is really important about this is the notion
of "flexible response" especially when dealing with sensitive issues, i.e.
law enforcement (it happens) and emergency situations. We absolutely are
committed to a minimalist policy and will endeavor to release as little as
possible, whenever possible. However, we are also ensuring that if a
situation arises that calls for us to do something, we can do so within the
parameters of our own policy. I think it is a natural evolution and a good
General Counsel & Interim Executive Director
Wikimedia Foundation, Inc.