Program Leads: Aeryn Palmer (Legal), Victoria Coleman and Nuria Ruiz (Technology)
Strategic priorities: Communities, Reach
Timeframe: 12 months. Specific segments of the program may have finite time frames, but some aspects (for example, providing Privacy by Design product counseling) are ongoing throughout Q1-Q4.
Privacy and Security
Description of Privacy and Security Expenses
8.08 FTE in Technology and Legal
Non Staffing Expenses
Data Center Expenses
Donation Processing Fees
Outside Contract Services
Contractor and contracting services cost to support the privacy and security program, audit, and trainings
Legal fees related to safeguarding user and donor information through legal compliance and protective policies
Travel & Conferences
For security personnel to travel to community events and community conferences
Other expenses (Wikidata, Personal Property Taxes)
Cost for security audit (penetration testing), and additional payroll fees and personnel related expenses not captured in "Staffing Expenses"
Total Program Expenses
As technological and legal circumstances evolve, we are continuing our work to maintain and improve the Wikimedia Foundation's privacy and security practices in order to protect Wikimedia community member and donor information and ensure safe and secure connections to Wikimedia projects and sites.
Our privacy and security work is three-fold. The programmatic aspects (Privacy) involve safeguarding user and donor information through legal compliance and protective policies, best practices, and trainings; communicating our privacy practices to users and donors; and ensuring that privacy issues are considered throughout the product design process and lifecycle. The core/non-programmatic aspects (Security and Data Management) include implementing technical and physical measures to ensure secure connections to Wikimedia sites and protect data the Foundation holds; improving organizational security posture and architecture; ensuring the Wikimedia projects, sites, property, staff, and fundraising operations remain protected from external threats; and improving data management and practices.