Privacy policy/IT guidelines

From Wikimedia UK
This page is still a draft.

People interacting with Wikimedia UK (members, board members, donors, staff and partners in general) deserve absolute privacy in their exchanges with Wikimedia UK. Unless the contrary is clearly announced, the data are private and should not be communicated to a third party. This principle, which is essential to building trusting relationships, is supported by a few legal texts[1] and policies. Wikimedia UK wants to be exemplary and does its best to maintain high privacy standards.

As most of our communications and data are digitized, IT is at the centre of the privacy challenges. Our data have a high value. Recent history has shown us private companies and states trying to gather as much information as possible in a proactive and systematic manner. Although it would be presumptuous to claim that we can effectively resist targeted actions by intelligence services, there is a lot that can be done to guarantee a high level of protection. Our information solutions therefore need to be thoughtfully architected to support our privacy standards.

We are aware that data protection has a cost in terms of resources and that our resources are limited. We are aware that not all data have the same value and that differentiated approaches may be needed. We are also aware that we face a fundamental dilemma between security and usability. Nevertheless, Wikimedia UK is engaged in a continuous improvement process to have an IT infrastructure that is modern and as secure as possible. This process will be driven within the Technology Committee and based on dialogue between users and solution providers.

Dangers

Curiosity of simple users
Data which are private are, for one reason or another, publicly available. A lot of common sense and a few low-tech solutions are enough to fight this.
Malicious computer attacks
Attacks by computer experts. This is certainly the most complicated danger to fight; it requires a good deal of work and skill.
  • Network surveillance
Monitoring and surveillance of the networks. Properly encrypting our exchanges is the first and most common measure to fight this. Using free software is another.
  • Activity surveillance
The most common source of data leaks. This is mostly carried out by operators of "free" (Web) services. To fight this we should, as much as possible, try to replace them (or provide an alternative) with our own services or paid services offering high privacy protection. In the worst case, we should inform our users well.
  • Stored data leaks
Storage providers copy/analyze the data for their own use or sell/communicate them to third parties. This is a big problem with US-based services, especially the free ones. To fight this, prefer to use, in this order, our own infrastructure, then UK-based servers. Encrypting the data is also a good approach.

Notes and references