- Case Number: a20140815.1
Status: merged into a20140712.1
- Claimant: CAcert (represented by board) - [formerly Benedikt H (as internal Auditor)]
- Respondent: Werner D
initial Case Manager: EvaStöwe
- Case Manager: name case manager
- Arbitrator: name arbitrator
- Date of merge: 2016-09-30
- Complaint: Attempted privacy data breach
- Relief: TBD
Before: Arbitrator name arbitrator (A), Respondent: Werner D (R), Claimant: Benedikt H (as internal Auditor) (C), Case: a20140815.1
History Log
- 2014-08-15 (issue.c.o): case [s20140814.121]
- 2014-08-15 (iCM): added to wiki, request for CM / A
2015-04-30 (A of a20141024.1a20141024.1): R has performed a partial successfull re-training and declared that he will not look up accounts by requests on the open support list. Board (and A of a20141024.1) refused the training as a complete training
- 2016-04-09 (R): declares immediate resignation from all roles
2016-04-16 (board): accepts resignation of (R) from support with motion m20160416.12
- 2016-05-27 (A of a20141024.1): rules "Werner has resigned from support team. There is no direct need for a training any more and the topic should be dropped. Should he ever apply for a job under SP again, he has to convince an arbitrator (in a case) that he has performed the training as it was described in follow up ruling I before he may be allowed to do that job."
- 2016-07-05 (Benedikt): declares immediate resignation as internal auditor
- 2016-07-10 (iCM): contacts board and Benedik about who the claimant of this case would be after resignation of Benedikt as internal auditor and no successor in that role; considers CAcert to be the claimant
2016-07-17 (board) accepts resignation as internal auditor from Benedikt with motion m20160717.2
2016-08-20 (iCM, 2 board members): session about clarification of continuation of cases protocolled in this mail and in FrOSCon-2016-Report, agreement that claimant of case would be CAcert represented by board and that this case best be merged into a20140712.1 as it is of comparable nature
- 2016-08-20 iCM: the claimant is updated to be "CAcert (represented by board) - [formerly Benedikt H (as internal Auditor)]"
2016-09-18 (board): approves the results of that session with motion m20160921.2 as far as it concerns the part of the claimant/executive
2016-09-30 iCM: As both cases are about comparable issues and the issues named in this case seem to be of a less drastic nature than those of a20140712.1 and because claimant and respondent are also the same and that other case is older, this case should be merged into the older case as requested by the claimant.
- 2016-09-30 iCM: informs original claiming person, claimant, respondent, arbitrators of update of claimant and merge
Private Part
Link to Arbitration case a20140815.1 (Private Part), Access for (CM) + (A) only
EOT Private Part
original Dispute
Dear Arbitrators, As CAcert's internal Auditor, I would like to open a dispute against supporter Werner D[...]. Reasons: Audit got aware of a attempted data privacy breach and abuse of supporter power by named supporter, documented in i20140814.1 [1]. Audit has not the tools and power to prosecute an individual based on his/her misbehaviour. Therefore, I'd would like to ask arbitration to take over the case and handle the individual prosecution against named supporter. The Supporter violated § 8 in conjunction with § 9 Privacy Policy [2] by attempting to look up the data related to an email address posted to the public mailing list (cacert-support@lists.cacert.org) with a support question. Based on his statement, the attempt was not successful, since the address does not exist in our database. This case might be related to [4]. Best Regards Benedikt [1] https://wiki.cacert.org/Audit/Incidents/i20140814.1 [2] http://www.cacert.org/policy/PrivacyPolicy.html [3] https://wiki.cacert.org/Arbitrations/a20140624.1 [4] https://wiki.cacert.org/Audit/Incidents/i20140625.1
([...] anonymised)
Discovery
Update of claimant
Benedikt who filed the case as internal auditor has resigned from that post and so far there was no successor. By this it seems that the role of claimant has fallen to CAcert represented by board. Board has agreed with this point of view via motion motion m20160921.2. Benedikt did not respond when he was informed about according considerations.
- 2016-08-20 iCM: Because of this the claimant is updated to be "CAcert (represented by board) - [formerly Benedikt H (as internal Auditor)]"
Benedikt as a person is not party of this case.
Further details can be found in the history log and in FrOSCon-2016-Report a report of a session to clarify the future of a multitude of cases where the filing member had resigned but which possibly looked as cases filed in a CAcert role. The current case was one of them.
request for withdraw by new claimant
The part in the named review regarding this case reads:
2. a20140815.1 - "Attempted privacy data breach" Link: a20140815.1 short summary of dispute: Audit got aware of a attempted data privacy breach and abuse of supporter power (documented in i20140814.1) by attempting to look up the data related to an email address posted to the public mailing list with a support question. further comments when asked by Gero and Dirk, Eva revealed to them, that respondent of a20140712.1 is same as of this case (This possible relation was already named by Benedikt.) Dirk and Gero (both: role board): * there now is the privacy CATS and another focus of privacy in support training * the supporter has left Support, no need to prosecute him further, personally * ask to merge into a20140712.1, as same kind of issues with same supporter
The later points were confirmed by motion m20160921.2.
Merge Decision
2016-09-30 iCM: As both cases are about comparable issues and the issues named in this case seem to be of a less drastic nature than those of a20140712.1 and because claimant and respondent are also the same and that other case is older, this case should be merged into the older case as requested by the claimant.
If the Arbitrator of that case later sees a need for seperating both cases again, this remains to be possible. A merge only saves trouble and work for all involved persons and hopefully enables Arbitration to clarify both disputes quicker which is again in the interest of everybody involved.
Execution
not avialable see: a20140712.1
Similiar Cases
- related Incident