Talk:Website Privacy Policy

From Wikimedia UK

Where do you hold my personal information? section

In the "Where do you hold my personal information? Can I find out ..." section, there is no answer to the "where" question. Should we add an answer something like:

"Your Personal Data relating to membership will be held on a computer within the European Economic Area, as required by our Data Protection Act registration (register search using DPA Registration Number Z3098483). Currently your membership data is held on computers located at our office in London. [is this true? mention security briefly?] Data you have explicitly caused to be placed on an internet visible computer yourself, thereby giving your consent, such as comments or edits on this website or contributions to an email list, may be held on computers worldwide."

Something like this should also be added to the Data Protection Policy page. Rwendland (talk) 12:34, 13 April 2013 (UTC)

Morning! This privacy policy applies to all data processed by sites the Chapter hosts, so not just membership data or personally identifiable information, but log in data. I'd rather keep policies discrete - so expanded content should be in the data protection policy but I DO think this more explicit edit about storage needs to go in that, so I'll propose that as an amend when I take this to the board as well? I'll work on a form of words on the talk page of that policy Katherine Bavage (WMUK) (talk) 09:14, 15 April 2013 (UTC)
If this data is not Personal Data as defined by the DPA, I'd suggest calling it something different to "my personal information", which reads as a simple synonym for "Personal Data". Rwendland (talk) 09:48, 16 April 2013 (UTC)
I've been advised that IP address data can be construed to be personal data according to EU law. I'm not sure what change you're proposing - can you clarify for me or make the edit directly for me to then have our lawyer relook at the changed version? Thanks Katherine Bavage (WMUK) (talk) 12:42, 16 April 2013 (UTC)
Yes, IP data could be personal data (e.g. static IP address that could be mapped back to a single-user system). I'm beginning to think your approach is best, and to stick to the current terminology. I'm concerned that "Privacy Policy" could be (mistakenly) construed as a wider WMUK Privacy Policy, which I initially had in mind, rather than just website data. Perhaps renaming the page "Website Privacy Policy" would help there? (Sorry I'm in a rush today and been slow in replying, I'll consider it a bit more later.) Rwendland (talk) 14:48, 17 April 2013 (UTC)

What do you do with my personal information? section

Is it really the case that "registered users who have been elected by the community to support the activities of the community" will have access to users' personal information? Surely not. --MichaelMaggs (talk) 21:19, 14 April 2013 (UTC)

Yes, it's because people with Checkuser status on our wikis can and would have access to IP and other personally identifiable info if they were investigating disruptive editing. I think however 'elected' is a bit confusing as this implies trustees, so I'll probably re-word that. I'll check in with Richard Symonds for advice on exactly how those who hold these responsibilities are decided to clean this up a bit. Katherine Bavage (WMUK) (talk) 09:17, 15 April 2013 (UTC)
AFAIK, there are no local CU on this wiki. Which means only those that have CU globally on WMF's wiki have CU rights here. According to m:CheckUser_policy#Everywhere, that would be Stewards who are elected, WMF staff with staff rights and Ombudsman commission members, the last two groups of whom are not supposed to use the rights except for exceptional specific circumstances. -- Katie Chan (WMUK) (talk) 09:33, 15 April 2013 (UTC)
Thanks - I'll work to clarify the wording - any suggestions? I'm not particularly clear on how this works? Will this change if we host our wiki directly? Katherine Bavage (WMUK) (talk) 10:26, 15 April 2013 (UTC)

Cookies section

NB - host on a separate page so can be updated without needing re-approval as policy Katherine Bavage (WMUK) (talk) 19:28, 18 April 2013 (UTC)

How long are logs kept?

This doesn't seem to make explicit how long logs are kept. Are they all kept forever? Nothing that is kept on a web-accessible server will remain private forever, so the longer any records are kept the more likely it is to be shared unwittingly with the wider world. Or subpoenaed. Sj (talk) 21:45, 20 June 2013 (UTC)