From Meta, a Wikimedia project coordination wiki
This page is a translated version of the page Data retention guidelines and the translation is 54% complete.


The community consultation for the Data Retention Guidelines has closed as of 14 February 2014. We thank the community members who have participated in this discussion since the opening of the consultation on 09 January 2014 and have helped make the Guidelines better as a result. Although we are closing the community consultation, we welcome community members to continue the discussion. The Guidelines are intended to evolve and expand over time. You can read more about the consultation on the Wikimedia blog. Mpaulson (WMF) (talk) 23:57, 14 February 2014 (UTC)



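At the same time, we are committed to keeping your private data only "for the shortest possible time." Here, "shortest possible" means a period that is consistent with the purposes of maintaining, understanding, and improving the Wikimedia Sites, and with our legal obligations under applicable U.S. law. (The quotation above is from the Wikimedia Foundation's Privacy Policy.)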

This document helps explain how we fulfill this commitment, by describing our guidelines for data retention, system design, and ongoing auditing and maintenance. These guidelines are meant to be a living document — they will be updated over time to reflect current retention practices.




Unless otherwise indicated, we retain the following types of data for no more than the following periods of time:

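Type of data | Source | Maximum retention period
Personal information | Automatically collected from a user
  • IP addresses of site visitors (operational data)
  • IP addresses of A/B test subjects (analytics data)
  • User agent information of site visitors
  • Email address
Non-personal information associated with a user account* | Automatically collected from a user | Indefinitely
  • Logs of terms entered into the site's search box, or terms within prefilled links to the search engine that have been followed by user navigation
Provided by a user
  • Language
Until user deletes/changes the account setting.
Non-personal information not associated with a user account* | Automatically collected from various users | Indefinitely
Articles viewed by readers | Automatically collected from a reader
  • List of articles viewed by a reader
After at most 90 days, if retained at all, then only in aggregate form
(*) For the purposes of this table, "user account" means username, user ID, or IP address; "reader" means visitor to a Wikimedia project.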



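  • "Personal information" means information you provide to us, or information we collect, that could be used to personally identify you. To be clear, we do not necessarily collect all of the following types of information, but we consider the following to be "personal information" if it is otherwise nonpublic and can be used to identify you:
(a) your real name, address, phone number, email address, password, identification number on government-issued ID, IP address, user-agent information, and credit card number;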
(b) when associated with one of the items in subsection (a), any sensitive data such as date of birth, gender, sexual orientation, racial or ethnic origins, marital or familial status, medical conditions or disabilities, political affiliation, and religion; or
(c) any of the items in subsections (a) or (b) when associated with your user account.
  • Some examples of "public information" would include: (a) your IP address, if you edit without logging in; (b) your gender, if it is disclosed under your user profile; (c) any personal information you disclose publicly on the Wikimedia Sites, such as your real name or age. Some examples of types of information that are considered to be "nonpublic information" include: (a) your IP address, if you edit while logged in; (b) your email address, if you provided one to us during a registration (but didn’t post it publicly); and (c) your location information, if you have not posted it publicly. The types of information that are considered "nonpublic" as opposed to "public" are more fully explained in our Privacy Policy.
  • Data is "anonymized" when (1) information that can be used to identify a specific user has been removed or otherwise been changed so that it can no longer be used to identify the user directly, and (2) best efforts have been made to remove, or otherwise make non-re-identifying, information that could be used to re-identify the user.
Examples of identifying information that could be removed in order to anonymize data would include:
  • Real names, addresses, phone numbers, email addresses, password, identification number on government-issued ID, IP address, user-agent string, credit card number, unique device identifiers
Examples of changes that could be made to data so that it no longer directly identifies the user:
  • Encrypting or removing/masking the most specific portion of IP addresses
  • Sanitizing user-agent strings
  • Data is "aggregated" when the data associated with a specific user has been combined with data from others to show general trends or values without identifying specific users.
An example of how data can be aggregated includes:
  • Using ranges rather than specific numbers, such as recording that there are "between 1 and 10 editors in language X in country Y" rather than recording that there are 4 editors.
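The two transformations defined above (masking the most specific portion of an IP address, and reporting counts as ranges), shown as an added example that is not part of the guidelines or of any Wikimedia code. The prefix lengths, the bucket width of 10, the function names and the sample rows are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed prefix lengths (not specified by the guidelines): keep the /24 of an
# IPv4 address and the /48 of an IPv6 address, zeroing the more specific bits.
V4_PREFIX, V6_PREFIX = 24, 48

def mask_ip(addr: str) -> str:
    """Remove the most specific portion of an IP address."""
    ip = ipaddress.ip_address(addr)
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)

def to_range(count: int, width: int = 10) -> str:
    """Report a count as a range, e.g. 4 -> 'between 1 and 10'."""
    if count <= 0:
        return "0"
    low = ((count - 1) // width) * width + 1
    return f"between {low} and {low + width - 1}"

def aggregate_editors(rows):
    """Count distinct editors per (language, country), then keep only ranges."""
    editors = defaultdict(set)
    for user, language, country, _ip in rows:
        editors[(language, country)].add(user)
    return {key: to_range(len(users)) for key, users in editors.items()}

# Constructed sample rows: (user, language, country, ip), documentation-range IPs.
SAMPLE = [
    ("u1", "X", "Y", "192.0.2.17"),
    ("u2", "X", "Y", "192.0.2.200"),
    ("u3", "X", "Y", "198.51.100.9"),
    ("u4", "X", "Y", "2001:db8:abcd:12:1::5"),
    ("u1", "X", "Y", "192.0.2.18"),  # same editor again, counted once
    ("u5", "Z", "Y", "203.0.113.44"),
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(row[0], mask_ip(row[3]))
    print(aggregate_editors(SAMPLE))
```

A masked address can still single someone out when combined with other fields such as a user-agent string or a timestamp, so masking and aggregation reduce re-identification risk without eliminating it.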

While we make our best effort to anonymize or aggregate information to the point that an individual cannot be identified, we cannot completely eliminate the risk of re-identification. For more info about re-identification, please see the FAQ section of the Privacy Policy.

Terms that are not defined in this document have the same meaning given to them in the Privacy Policy.


If we make exceptions to these guidelines, we will notify the community by describing the exception on this page.

  • Data may be retained in system backups for longer periods of time, not to exceed 5 years.
  • Information (including personal information) collected through participation in a survey or other research conducted by the Wikimedia Foundation will be retained indefinitely for educational, development, or other related purposes, unless otherwise indicated in the privacy policy or statement of such survey or research. Such information may be retained in raw, aggregated, or anonymized form until we receive a request from the participant to be removed from our research database.
  • In rare cases, we, or particular users with certain administrative rights as described in our Privacy Policy, may need to retain your personal information, including your IP address and user agent information, for as long as reasonably necessary (which may be longer than the period described in the table above) to:
  • enforce or investigate potential violations of our Terms of Use, this Privacy Policy, or any Foundation or user community-based policies;
  • investigate and defend ourselves against legal threats or actions;
  • help protect against vandalism and abuse, fight harassment of other users, and generally try to minimize disruptive behavior on the Wikimedia Sites;
  • prevent imminent and serious bodily harm or death to a person, or to protect our organization, employees, contractors, users, or the public; or
  • detect, prevent, or otherwise assess and address potential spam, malware, fraud, abuse, unlawful activity, and security or technical concerns.


These guidelines are based on practices that the Foundation has generally followed for many years, particularly the 90-day rule for IP addresses and similar personal information in our server logs. However, our older systems may not always comply with these new guidelines, particularly for personal information other than IP addresses. As a result, once these guidelines are adopted, WMF’s technology teams plan to audit our existing systems and bring them into compliance. Because of the size and scope of these systems, this audit will necessarily occur in a gradual fashion.


In order to support these data retention periods and our overall privacy policy, new tools and systems implemented by the Foundation will be designed with privacy in mind. This will include:

  • inclusion of these data retention guidelines as requirements during the design process;
  • legal consultation during the design and development process; and
  • inclusion of privacy considerations in the code review process.

Ongoing handling of new information

Despite our best efforts in designing and deploying new systems, we may occasionally record personal information in a way that does not comply with these guidelines. When we discover such an oversight, we will promptly comply with the guidelines by deleting, aggregating, or anonymizing the information as appropriate.


If you think that these guidelines have potentially been breached, or if you have questions or comments about compliance with the guidelines, please contact us at privacy@wikimedia.org.