Thanks Mike, I had the same email today, it is useful to see the relevant links.
The apparent ability to keep almost any data about (effectively) anyone interacting with the charity whether virtually or at events, for three years after the person was known to the charity, seems an excessive way of writing the data policies. Volunteers, members, or other interacting with the charity are unlikely to be aware that they have agreed to a wide scope for long term data retention. The approach of requiring an optional and positive opt-in, rather than opt-out will always be perceived as more ethical.
It was interesting to read that WMUK leaves cookies on your systems. This is phrased very generically, but in practice the only use of cookies is for login and user preferences. It would be reassuring for the reader/user to state this explicitly in the website privacy policy.
It is surprising to see that there appears to be no expiry defined in policy for the deletion of IP and browser header logs, apart from the 3 years after you last did anything with the charity. It would make sense officially to adopt the Wikimedia Foundation's 90 day limit and to be honest, I rather suspect this is how it currently works, considering there is a relationship between the WMUK wiki and stewards on meta (according to the policy). Retaining the detailed website logs without specific cause is highly unlikely to be of legally legitimate use to anyone, and they are more likely to pose a risk if retained for several years.
Fae (one time technical auditor)
On 23 May 2018 at 15:03, Michael Peel email@mikepeel.net wrote:
Ah, I got the email from WMUK today. Copy below in case anyone’s interested. Thanks to whoever at WMUK has been working on this!
Thanks, Mike
"Good afternoon
Like everyone else, we need to remind you that we are holding your contact details and to say that if we have similar reasons to contact you as when you first provided us with your contact details, we may do so.
If you’d rather we didn’t, that’s fine. All you need to do is click on the ‘unsubscribe’ link at the bottom of this message. Unless we have lawful grounds to keep your data, we will delete it. You can also ask us to send you what data we have by emailing yourdata@wikimedia.org.uk.
For further information about how we process your personal data, please see our updated Data Protection Policy, or for more information on how we collect cookies please see our Website Privacy Policy.
Thank you for being part of the Wikimedia UK community and please let us know if you have any questions.
The Wikimedia UK team"
On 22 May 2018, at 22:48, Michael Peel email@mikepeel.net wrote:
I haven’t spotted any emails from WMUK about this yet, are they coming soon or is everything already OK here?
Thanks, Mike _______________________________________________ Wikimedia UK mailing list wikimediauk-l@wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: https://wikimedia.org.uk
Wikimedia UK mailing list wikimediauk-l@wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: https://wikimedia.org.uk