Under the access to nonpublic information policy, functionaries are permitted at their discretion, but not required, to disclose PI in certain defined circumstances. These exceptions are summarized below and in the next slide.
If you disclose nonpublic information under exceptions (ii), (iii), (iv), or (v), tell WMF at email@example.com within 10 days. In addition, in the event of an emergency, such as a threat of violence, we strongly advise contacting firstname.lastname@example.org and email@example.com immediately.
(i) Between functionaries to fulfill functionary duties
Functionaries may disclose PI to other community members with the same access rights in order to fulfill duties outlined in an applicable policy.
You do not need to inform firstname.lastname@example.org within 10 days if you disclose PI under this exception.
User:Rory, an oversighter on English Wikipedia, shares a small amount of PI on a private wiki that is restricted to oversighters, in order to get help with a request he received.
(ii) To service providers in order to enforce blocks
Functionaries may disclose PI to service providers, carriers, or other third parties to assist in either:
- the targeting of IP blocks; or
- the formulation of a complaint to relevant internet service providers.
You do need to inform email@example.com within 10 days if you disclose PI under this exception.
(iii) To law enforcement, in cases where there is an immediate and credible threat to life or limb
WMF’s Support & Safety team recommends immediately forwarding serious threats to firstname.lastname@example.org and email@example.com. Our trained Support & Safety team can then make its own evaluation and determine whether to disclose PI to law enforcement.
However, if you wish to disclose PI to law enforcement yourself, please note that there are three requirements in such cases. A threat must be:
- to life or limb;
- immediate; and
You do need to inform firstname.lastname@example.org within 10 days if you disclose PI under this exception, and we strongly suggest informing email@example.com and firstname.lastname@example.org immediately.
User:Rory, a steward, discovers that a user made a bomb threat on a talk page. He immediately notifies email@example.com and firstname.lastname@example.org about the situation. WMF’s Support & Safety team takes things from there. Rory did not need to personally contact law enforcement or disclose PI.
Rory discovers a user page on which the owner recently posted that they intend to commit suicide. Rory believes the threat is credible. He discloses the user’s IP address, email address, and real name (if available) to law enforcement. He also immediately notifies email@example.com and firstname.lastname@example.org about the situation and the action he has taken.
Rory discovers that a user on a talk page has threatened to throw eggs at another user’s house. Rory does not disclose the user’s IP address, email, or real name to law enforcement because the user has not threatened anybody’s life or limb. Instead, Rory chooses to warn the user or block them for harassment. Depending on the circumstances, Rory may want to report the incident to local law enforcement without disclosing the threat-maker’s IP address, email address, name, or any other PI.