Wikipedia:Wikipedia Signpost/2008-05-12/Policy updates

This week, the Wikimedia Foundation's Board of Trustees announced a forthcoming update to its privacy policy, as well as the adoption of a new data retention policy.

On Thursday, May 8, board Chairperson Florence Devouard made separate announcements for each. The first announcement was the adoption of a data retention policy; according to Devouard, the resolution reads:

"[T]he Wikimedia Foundation Board of Trustees, consistent with its long-standing commitment to minimizing the data retention of users and editors, adopts the policy of retaining the least of amount personally identifiable information consistent with maintenance of its services, with its privacy policy, or as required by state or federal legal provisions under United States of America law."

According to board member Domas Mituzas, who also serves as a developer, prior practice with regard to data retention was "kind of undefined. This resolution gives us clear guidelines, what we want to comply with, and a place to point at anyone who wants more (or less) than what we do." No draft of the policy has yet been published.

The second announcement, and arguably the more important, was the decision to amend the privacy policy: when possible, the Foundation will notify community members when their personal data, such as IP addresses, has been sought by legal processes. The resolution:

"The Wikimedia Foundation Board of Trustees will amend its privacy policy to notify, when possible, those members of the community whose personally identifiable data has been sought through, or produced as a result of, civil or criminal legal process, except when such notification is forbidden by state or federal law in the United States of America."

According to Devouard, the resolution was suggested in March by Nsk92, after the late-2007 "Video Professor incident", where Video Professor, Inc. sought and received the IP addresses of Wikipedia editors, following a subpoena.

Devouard said that the privacy policy would be reviewed in full by general counsel Mike Godwin, in anticipation of a full draft for a summer meeting. However, because of the nature of the concern, Devouard felt that an expedited addition, allowing the Foundation to contact users whose information had been sought, was worth seeking.

Board member Michael Snow noted that the change does not promise that such contact will occur, citing a recent case where such contact could not legally be made:

"The resolution covers both the case where information has only "been sought", as well as where it has been "produced" already. It also acknowledges that in some cases the notice itself may be forbidden (compare the recent news story about the Internet Archive, which successfully resisted an FBI attempt to extract information, but was forbidden to disclose it while the matter was being litigated). Otherwise, clearly we would prefer to notify affected parties prior to producing information, but given the varied circumstances that might lead to such a request, we cannot promise this in every situation."

While the resolutions were published on the mailing list, they have not yet been published on the Foundation's resolutions page.

Four other resolutions announced
Four other resolutions were approved at the April San Francisco meeting, and announced this week on the resolutions page. Three of these (the approval of December's and March's meeting minutes, and the already-announced appointment of Stuart West as a trustee) have not been published in full.

The fourth is the formal amendment of the Foundation's bylaws, to allow for the restructuring of the Board (see archived story), and to lessen legal liability to chapters due to Foundation or volunteer actions, and vice-versa. The changes have not been applied to the official bylaws as of press time.