Difference between revisions of "Technology access policy"

From Wikimedia District of Columbia
Jump to: navigation, search
m (James Hare moved page Internal:Email address policy to Internal:Technology access policy without leaving a redirect)
(Expanding policy draft to be about other technological tools)
Line 1: Line 1:
{{header title|title=Email address policy|status=review}}
+
{{header title|title=Technology Access Policy|status=review}}
  
==ARTICLE I – PURPOSE AND SCOPE==
+
==ARTICLE I – PURPOSE==
1. <u>Purpose</u>. The purpose of the Email Address Policy ("Policy") is to establish rules concerning the assignment and use of email addresses assigned by Wikimedia District of Columbia ("Corporation").
+
1. <u>Purpose</u>. The purpose of the Technology Access Policy ("Policy") is to establish rules concerning access to information technology resources in use by Wikimedia District of Columbia ("Corporation").
  
2. <u>Scope</u>. This Policy applies to email addresses assigned on a domain name owned by the Corporation, as well as individuals who have been assigned such email addresses.
+
==ARTICLE II - EMAIL ADDRESSES==
 +
1. <u>No Personal Use</u>. Email addresses issued by the Corporation on a domain name owned by the Corporation ("Corporation email addresses") shall only be used for conducting the official business of the Corporation. No personal use of Corporation email addresses is permitted.
  
==ARTICLE II - POLICY==
+
2. <u>Persons Assigned Email Addresses</u>. Officers and Directors of the Corporation, staff members, and contractors shall be assigned Corporation email addresses by the Secretary.
1. <u>No Personal Use</u>. Email addresses issued by the Corporation shall only be used for conducting the official business of the Corporation. No personal use of Corporation email addresses is permitted.
 
  
2. <u>Persons Assigned Email Addresses</u>. Officers and Directors of the Corporation, staff members, and contractors shall be assigned Corporation email addresses.
+
3. <u>Revoking Email Addresses</u>. The Secretary shall revoke access to Corporation email addresses from any person who no longer satisfies the conditions of Article II, Paragraph 2, following a 90 day period, unless such person remains involved in the Corporation's activities in a different capacity.
  
3. <u>Revoking Email Addresses</u>. The Secretary shall revoke the email address of any person who no longer satisfies the conditions of Article II, Paragraph 2, following a 90 day period, unless such person remains involved in the Corporation's activities in a different capacity.
+
==ARTICLE III – ACCESS TO PERSONALLY IDENTIFIABLE INFORMATION==
 +
 
 +
1. <u>Definition</u>. Personally Identifiable Information ("PII") refers to information which can be used to distinguish or trace an individual’s identity, including, but not limited to, their name, social security number, biometric records, credit card information, date or place of birth, mother’s maiden name, or other information that either alone, or in combination with other personal or identifying information is linked or linkable to a specific individual.
 +
 
 +
2. <u>Standards</u>. No information technology tool may be used to collect or store PII on behalf of the Corporation unless such tool supports industry-grade encryption and the creation of user accounts for individual persons.
 +
 
 +
3. <u>Assignment of Accounts</u>. Individuals shall be granted access to information technology tools used to store and collect PII ("PII Tools") on a need-to-know basis by the President of the Corporation. Each account shall be assigned for the exclusive use of one person, with no account sharing permitted.
 +
 
 +
4. <u>List of Tools</u>. A list of PII Tools shall be maintained and made available to the President of the Corporation and to the Board of Directors. This list shall include the names of PII Tools used, where they are installed or accessed, and a list of persons with access to such PII Tools.

Revision as of 21:07, 6 July 2014


ARTICLE I – PURPOSE

1. Purpose. The purpose of the Technology Access Policy ("Policy") is to establish rules concerning access to information technology resources in use by Wikimedia District of Columbia ("Corporation").

ARTICLE II - EMAIL ADDRESSES

1. No Personal Use. Email addresses issued by the Corporation on a domain name owned by the Corporation ("Corporation email addresses") shall only be used for conducting the official business of the Corporation. No personal use of Corporation email addresses is permitted.

2. Persons Assigned Email Addresses. Officers and Directors of the Corporation, staff members, and contractors shall be assigned Corporation email addresses by the Secretary.

3. Revoking Email Addresses. The Secretary shall revoke access to Corporation email addresses from any person who no longer satisfies the conditions of Article II, Paragraph 2, following a 90 day period, unless such person remains involved in the Corporation's activities in a different capacity.

ARTICLE III – ACCESS TO PERSONALLY IDENTIFIABLE INFORMATION

1. Definition. Personally Identifiable Information ("PII") refers to information which can be used to distinguish or trace an individual’s identity, including, but not limited to, their name, social security number, biometric records, credit card information, date or place of birth, mother’s maiden name, or other information that either alone, or in combination with other personal or identifying information is linked or linkable to a specific individual.

2. Standards. No information technology tool may be used to collect or store PII on behalf of the Corporation unless such tool supports industry-grade encryption and the creation of user accounts for individual persons.

3. Assignment of Accounts. Individuals shall be granted access to information technology tools used to store and collect PII ("PII Tools") on a need-to-know basis by the President of the Corporation. Each account shall be assigned for the exclusive use of one person, with no account sharing permitted.

4. List of Tools. A list of PII Tools shall be maintained and made available to the President of the Corporation and to the Board of Directors. This list shall include the names of PII Tools used, where they are installed or accessed, and a list of persons with access to such PII Tools.