Access to non-public personal data policy

From Meta Weird Gloop
Revision as of 23:37, 18 June 2019 by Cook Me Plox (talk | contribs)
Jump to navigation Jump to search

Purpose

Weird Gloop Sites (the “Sites”) are the product of a global community of volunteer contributors and editors. This dedicated group of individuals not only writes and curates content on the Sites, they also help ensure the safety of the Sites and its users as well as compliance with applicable policies. To manage this task effectively, certain community members are entrusted with access to limited amounts of nonpublic personal information regarding other users (“Nonpublic Personal Data”). For example, a community member who has “checkuser” rights could use those rights to investigate whether a single user is using multiple accounts in a manner inconsistent with global or local policies. The purpose of this “Access to Nonpublic Personal Data Information” policy (the “Policy”) is to:

  • explain the minimum requirements that must be met by any community member who has access to Nonpublic Personal Data;
  • explain the rights and responsibilities of community members with access to Nonpublic Personal Data;
  • ensure that community members with access to Nonpublic Personal Data understand and commit to maintaining the confidentiality of Nonpublic Personal Data; and
  • provide guidelines to community members with access to Nonpublic Personal Data as to when they may access Nonpublic Personal Data, how they may use such information, and when and to whom they may disclose such information.

Community members covered by this Policy

This Policy applies to any community member to whom Weird Gloop has granted access to Nonpublic Personal Data covered by the privacy policy (“Designated Community Member”), including:

  • Community members with access to any tool that permits them to view Nonpublic Personal Data about other users (such as the CheckUser tool);
  • System administrators with access to Nonpublic Personal Data.

Minimum requirements for Designated Community Members applying for access to nonpublic information rights

The following conditions are minimum requirements that all Designated Community Members must meet before being granted access to Nonpublic Personal Data ("access rights"). These conditions should also be considered requirements to be a candidate for any community-run selection process for a role that would convey such access rights. The community may require candidates for access rights to meet additional community-specified criteria on a case-by-case or role-by-role basis.

(a) Minimum age. Access to nonpublic information requires maturity because of the significant responsibilities that come along with confidentiality obligations. For this reason, any community member who applies for access rights must:

  • be at least eighteen (18) years of age; and
  • must certify to Weird Gloop that they meet the minimum age required for the rights they are applying for.

(b) Valid, linked email address. In order to ensure that we can contact the individuals who take on these important roles, any community member who applies for access rights must:

  • submit to Weird Gloop a valid email address;
  • have the account under which they are applying for rights linked to a valid email address;
  • complete verification of the submitted and/or linked email address (such as responding to a confirmation email sent to their submitted email address), if requested to do so; and
  • inform Weird Gloop of any change to their email address within one week of such change.

(c) Confidentiality. To ensure that community members with access rights understand and commit to keeping the Nonpublic Personal Data confidential, they will be required to read and certify that they agree to a short confidentiality Agreement that outlines:

  • what Designated Community Members should treat as confidential information;
  • when they are allowed to access Nonpublic Personal Data;
  • how Designated Community Members may use Nonpublic Personal Data about other users;
  • when and to whom they may disclose the Nonpublic Personal Data and how they must otherwise refrain from disclosing Nonpublic Personal Data to anyone, except as permitted under applicable policies;
  • how they must safeguard their accounts from unauthorized access; and
  • when they must report disclosure of Nonpublic Personal Data to third parties or improper access, use, or disclosure of Nonpublic Personal Data.

(d) Privacy. In consideration of the privacy of Designated Community Members, any personal information submitted by Designated Community Members to Weird Gloop as part of their application process or otherwise under this Policy is subject to Weird Gloop's privacy policy.

Use and disclosure of nonpublic information

Designated Community Members provide valuable services to the Sites and its users – they fight vandalism, respond to helpdesk emails, ensure that improperly disclosed private data is removed from public view, confirm license permissions, investigate sockpuppets, improve and debug software, and much more. But Designated Community Members’ use of access rights is limited to certain circumstances and contexts. This section elucidates the situations in which access rights may be used and Nonpublic Personal Data may be disclosed to third parties.

(a) Use of access rights and Nonpublic Personal Data. All Designated Community Members may only use their access rights and the subsequent information they access in accordance with the policies that govern the tools they use to gain such access. For example, community members with access to the CheckUser tool must comply with the global CheckUser policy, and, unless they are performing a cross-wiki check, they must also comply with the more restrictive local policies applicable to the relevant Site. When a Designated Community Member’s access to a certain tool is revoked, for any reason, that member must destroy all Nonpublic Personal Data that they have as a result of that tool.

(b) Disclosure of nonpublic information. In the course of keeping the Sites and its users safe, Designated Community Members must sometimes disclose Nonpublic Personal Data to third parties. Disclosures of Nonpublic Personal Data are limited to:

(i) other Designated Community Members with the same access rights, or who otherwise are permitted to access the same Nonpublic Personal Data, to fulfill the duties outlined in the applicable policy for the access tool used;
(ii) service providers, carriers, or other third party vendors to assist in the targeting of IP blocks or the formulation of a complaint to relevant Internet Service Providers;
(iii) the public, when it is a necessary and incidental consequence of blocking a sockpuppet or other abusive account.

All other formal and informal requests for user Nonpublic Personal Data (i.e. those not covered by one of the situations described above or those not acted upon by a community member with access rights), including subpoenas, from law enforcement, government agencies, attorneys, or other third parties should be directed to Weird Gloop's administration at admin@weirdgloop.org.

Retrieved from "https://meta.weirdgloop.org/w/Access_to_non-public_personal_data_policy?oldid=182"