  * Case Number: a20140815.1
  * Status: merged into [[Arbitrations/a20140712.1|a20140712.1]]
  * Claimant: CAcert (represented by board) - [formerly Benedikt H (as internal Auditor)]
  * Respondent: Werner D
  * initial Case Manager: EvaStöwe
  * Case Manager: name case manager
  * Arbitrator: name arbitrator
  * Date of merge: 2016-09-30
  * Complaint: Attempted privacy data breach

  * Relief: TBD

Before: Arbitrator name arbitrator (A), Respondent: Werner D (R), Claimant: Benedikt H (as internal Auditor) (C), Case: a20140815.1


== History Log ==
 . 2014-08-15 (issue.c.o): case [s20140814.121]
 . 2014-08-15 (iCM): added to wiki, request for CM / A
 . 2015-04-30 (A of [[Arbitrations/a20141024.1|a20141024.1]]a20141024.1): R has performed a partial successfull re-training and declared that he will not look up accounts by requests on the open support list. Board (and A of a20141024.1) refused the training as a complete training
 . 2016-04-09 (R): declares immediate resignation from all roles
 . 2016-04-16 (board): accepts resignation of (R) from support  with motion [[https://community.cacert.org/board/motions.php?motion=m20160416.12|m20160416.12]]
 . 2016-05-27 (A of a20141024.1): rules "Werner has resigned from support team. There is no direct need for a training any more and the topic should be dropped. Should he ever apply for a job under SP again, he has to convince an arbitrator (in a case) that he has performed the training as it was described in follow up ruling I before he may be allowed to do that job."
 . 2016-07-05 (Benedikt): declares immediate resignation as internal auditor
 . 2016-07-10 (iCM): contacts board and Benedik about who the claimant of this case would be after resignation of Benedikt as internal auditor and no successor in that role; considers CAcert to be the claimant
 . 2016-07-17 (board) accepts resignation as internal auditor from Benedikt with motion [[https://community.cacert.org/board/motions.php?motion=m20160717.2|m20160717.2]] 
 . 2016-08-20 (iCM, 2 board members): session about clarification of continuation of cases protocolled in [[https://lists.cacert.org/wws/arc/cacert-board/2016-08/msg00009.html|this mail]] and in [[Arbitrations/FrOSCon-2016-Report|FrOSCon-2016-Report]], agreement that claimant of case would be CAcert represented by board and that this case best be merged into [[Arbitrations/a20140712.1|a20140712.1]] as it is of comparable nature
 . 2016-08-20 iCM: the claimant is updated to be "CAcert (represented by board) - [formerly Benedikt H (as internal Auditor)]"
 . 2016-09-18 (board): approves the results of that session with motion [[https://community.cacert.org/board/motions.php?motion=m20160921.2|m20160921.2]] as far as it concerns the part of the claimant/executive 
 . 2016-09-30 iCM: As both cases are about comparable issues and the issues named in this case seem to be of a less drastic nature than those of [[Arbitrations/a20140712.1|a20140712.1]] and because claimant and respondent are also the same and that other case is older, this case should be merged into the older case as requested by the claimant. 
 . 2016-09-30 iCM: informs original claiming person, claimant, respondent, arbitrators of update of claimant and merge


== Private Part ==
 * '''Link to Arbitration case [[Arbitrations/priv/a20140815.1|a20140815.1 (Private Part)]], Access for (CM) + (A) only'''  

## ==> INCLUDE SECTION BOT
<<Include(Arbitrations/priv/a20140815.1)>>  
## <== INCLUDE SECTION EOT

==== EOT Private Part ====

== original Dispute ==

 {{{
Dear Arbitrators,

As CAcert's internal Auditor, I would like to open a dispute against
supporter Werner D[...].

Reasons:
Audit got aware of a attempted data privacy breach and abuse of
supporter power by named supporter, documented in i20140814.1 [1]. Audit
has not the tools and power to prosecute an individual based on his/her
misbehaviour. Therefore, I'd would like to ask arbitration to take over
the case and handle the individual prosecution against named supporter.

The Supporter violated § 8 in conjunction with § 9 Privacy Policy [2] by
attempting to look up the data related to an email address posted to the
public mailing list (cacert-support@lists.cacert.org) with a support
question. Based on his statement, the attempt was not successful, since
the address does not exist in our database.

This case might be related to [4].

Best Regards
Benedikt

[1] https://wiki.cacert.org/Audit/Incidents/i20140814.1
[2] http://www.cacert.org/policy/PrivacyPolicy.html
[3] https://wiki.cacert.org/Arbitrations/a20140624.1
[4] https://wiki.cacert.org/Audit/Incidents/i20140625.1
}}}

([...] anonymised)

== Discovery ==
=== Update of claimant ===
Benedikt who filed the case as internal auditor has resigned from that post and so far there was no successor. By this it seems that the role of claimant has fallen to CAcert represented by board. Board has agreed with this point of view via motion motion [[https://community.cacert.org/board/motions.php?motion=m20160921.2|m20160921.2]]. Benedikt did not respond when he was informed about according considerations.

 * 2016-08-20 iCM: Because of this the claimant is updated to be "CAcert (represented by board) - [formerly Benedikt H (as internal Auditor)]"

Benedikt as a person is not party of this case.

Further details can be found in the history log and in [[Arbitrations/FrOSCon-2016-Report|FrOSCon-2016-Report]] a report of a session to clarify the future of a multitude of cases where the filing member had resigned but which possibly looked as cases filed in a CAcert role. The current case was one of them.


=== request for withdraw by new claimant ===
The part in the named review regarding this case reads:
{{{
2. a20140815.1 - "Attempted privacy data breach"

Link: a20140815.1

short summary of dispute:

Audit got aware of a attempted data privacy breach and abuse of supporter power (documented in i20140814.1) by attempting to look up the data related to an email address posted to the public mailing list with a support question.

further comments

when asked by Gero and Dirk, Eva revealed to them, that respondent of a20140712.1 is same as of this case (This possible relation was already named by Benedikt.)

Dirk and Gero (both: role board):

 * there now is the privacy CATS and another focus of privacy in support training
 * the supporter has left Support, no need to prosecute him further, personally
 * ask to merge into a20140712.1, as same kind of issues with same supporter 
}}}

The later points were confirmed by motion [[https://community.cacert.org/board/motions.php?motion=m20160921.2|m20160921.2]].

== Merge Decision ==
 * 2016-09-30 iCM: As both cases are about comparable issues and the issues named in this case seem to be of a less drastic nature than those of [[Arbitrations/a20140712.1|a20140712.1]] and because claimant and respondent are also the same and that other case is older, this case should be merged into the older case as requested by the claimant. 

If the Arbitrator of that case later sees a need for seperating both cases again, this remains to be possible. A merge only saves trouble and work for all involved persons and hopefully enables Arbitration to clarify both disputes quicker which is again in the interest of everybody involved.

== Execution ==
not avialable see: [[Arbitrations/a20140712.1|a20140712.1]]

== Similiar Cases ==

|| [[Arbitrations/a20140712.1|a20140712.1]] || [[Arbitrations/a20140712.1|Dispute against the acting supporter in s20140623.75]] ||

 * related Incident
|| [[Audit/Incidents/i20140814.1|i20140814.1]] || [[Audit/Incidents/i20140814.1|Attempted privacy data breach]] ||

----
 . CategoryArbitration
 . CategoryArbCaseOthers