
Consider a Wikimedia Italia NDA for Wikimedia Italia volunteers and collaborators
Open, Needs Triage, Public

Description

Talking with some staff members of Wikimedia Italia we noticed that in the contractual phase they sign some standard confidentiality obligations. This is fine to protect some confidentiality and risks, for example:

  • billing credentials (of services/servers) (→ ability to destroy a service)
  • website credentials (→ ability to publish stuff in the name of the organization)
  • email administration (→ ability to release mailboxes and read other people's email)
  • database access (→ ability to delete everything or replace stuff without being logged)
  • server credentials (→ like the above one but bigger)
  • bank credentials (→ ability to run away with money 🤑)

This is fine. Anyway, we noticed that volunteers and collaborators often manage some of this data in good faith and without an NDA. This may not be a desirable situation for the protection of the association.

It may be interesting to invest some time to prepare a cute NDA for volunteers and collaborators as well, following the direction of other organizations like Debian, the Wikimedia Foundation, etc.

Some examples we can follow:

Event Timeline

The law applies with or without a contract. The bigger problem is that the board has not updated https://wiki.wikimedia.it/wiki/Associazione:Autorizzazioni_al_trattamento_dei_dati_e_degli_accessi .

I recommend closing this task as declined, given it goes against the current board-approved policy. New tasks may be created if that policy is changed by the board.