Sometimes site users email and ask for "all their information to be removed from the site". This comes in various forms, from "please deactivate my account" (easy) to "Remove all of my information COMPLETELY from your systems" (maybe not so easy).<p>What are recommended approaches for dealing with this?<p>I'm assuming that "soft deletion" isn't actually "removing information completely", but trying to engage consumers in that conversation isn't productive.<p>Also note that if destroying data is on the table, that deleting one person's records may necessarily destroy another person's (for example, in-site communication between 2 users).<p>Considerations:<p>1. Feasibility: What does this mean? I think some users may mean "scrub traces of my access from your logs, delete database records (and possibly from backups)".<p>2. Legal/Ethical concerns: What, if any, legal concerns are there with this? What, if any, are the ethical considerations surrounding this type of request?<p>3. Obligation: What obligation or responsibility does a site have to abide by these sorts of requests, if they <i>are</i> feasible?<p>4. Recommended practices: Independent of how feasible it is, what the legal or ethical responsibility is, whether such an obligation reasonably exists -- what are some of the ways that people deal with (or recommend dealing with) these types of requests?
The first thing that comes to mind is if you have legal or business requirements to retain financial information, you may not be able to <i>COMPLETELY</i> remove all traces of a user.
This is often impractical to the point of being impossible. Rather than doing this, perhaps designing a system where all PII is hashed through some sha method, and a a custom ID/salt for the user. If they ask you to delete you say sure, and remove that one relationship.<p>This will screw up searching and indexing data though.
I love when companies have a delete account button, I'm not sure about conjoined data but if I delete my account I expect to be expunged or anonymized in a reasonable time and gradually forgotten as backups grow old. I have deleted my account on lots of websites and would probably delete 200 more today if they had that facility just for the sheer unlikeliness that I will need them again.<p>Think about how many 100s of websites you must have registered on by now... all those idle accounts just waiting to be sold, hacked, leaked. At least one of those sites probably has "/accounts.txt" just sitting there, their first foray into database driven sites.<p>If I start another company that requires user registration it will definitely have a delete account button.
the law will ultimately be the deciding factor however adding in some relevant T&Cs would be a good first step.<p>Ultimately in most countries you will be required to delete personally identifying information upon request, I would expect this to include name, address, dob etc. It would not include meta data which is not really identifiable if the previously mentioned data has been deleted. Messages in a forum is perhaps something you need to consider but I would push this onto the user, i.e allow them to edit/delete old posts.