Should users data be removed upon their request?
I have a commercial web startup. From a legal standpoint does maintaining users record (database info) if they decide to delete their account outweighs deleting their record?
- Maintaining the users record, even if they delete their account, can protect users and myself, from legal issues by having solid evidence.
- Deleting a account, can save some server space and prevent users from claiming that there is a privacy/respect issue.
-
As a side note, does anyone know if sites like ebay and amazon actually complete delete their user records? – Dave Valentine 12 years ago
-
I don't know about eBay/Amazon, but this is a negative point for me if a site keeps my information even if I don't want it to. Respecting your users' privacy is a common courtesy that is so missed dearly here in the US... – Littleadv 12 years ago
-
BTW: Some information must be kept (for example, billing history) even if the account is deleted. Check it with your local legal advice. – Littleadv 12 years ago
-
information required for tax purposes will also be kept – Mhoran Psprep 12 years ago
-
Also - if there is a social aspect to the site, the persons submissions may be of value to the community, so one should craft in the EULA what is personal and public data. – Jim Galley 12 years ago
-
Where are you based? Different countries have different rules on this. – Dj Clayworth 12 years ago
-
@DaveValentine Facebook distinguishes between a 'deactivated' and 'deleted' account. A deactivated account is kept but disabled. A deleted account is now completely deleted; although it takes some time for everything to be removed from all servers. – Dj Clayworth 12 years ago
4 Answers
You should be very aware of the rules on data retention and data privacy for the legal jurisdiction(s) you operate in. Some places will give you a lot of legal trouble if you retain the information of a user who has 'deleted' their account.
For example the Privacy Commisioner of Canada conducted an investigation into Facebook and found them to be in contravention of the Personal
Information Protection and Electronic Documents Act. She was able to effectively compel them to remove both deactivated and deleted accounts completely from their databases after a reasonable time or face penalties under the act. From the investigation: "The Act is clear that organizations must retain personal information only for as
long as necessary to fulfil the organization’s purposes, that organizations
should develop guidelines and implement procedures with respect to the
retention of personal information, and that such guidelines should include
minimum and maximum retention periods." A similar investigation in the UK led to similar results.
-
This is absolutely correct. If you're an international company, you can spend a LOT of time (legal and IT departments, especially) dedicated to getting this right. It could have significant impacts on system architecture as well, especially if you don't anticipate up-front the potential for wildly differing jurisdiction rules and your business requirements. – Mark Freedman 12 years ago
I don't think it's really viable to delete their information. Even if you remove it from your application, you aren't going to go back to every back up that contains them and remove them from those as well. With that in mind, claiming you have deleted them would be somewhat dishonest.
You can delete them from your database if you like (it is probably a good idea to help limit database growth), but don't claim in your terms that you delete all their data.
-
Backups should not be retained indefinitely. – Dj Clayworth 12 years ago
-
Why not? I think it's a good idea to keep backups at different intervals? ie. daily for the last month, weekly for the last 6 months, monthly for the last year, and then yearly indefinitely? Storage is so cheap, why wouldn't you? – Joel Friedlaender 12 years ago
-
Because if you have data from customers who think they have deleted their accounts, and they are stolen, then suddenly those customers find thieves have their data even though they thought it had been deleted. That will get you in a lot of legal hot water. See my answer for more details. – Dj Clayworth 12 years ago
-
As long as you are clear in your terms of service/privacy policy, I can't imagine how this can be a problem. Assuming your service is optional, and people opt to use it and agree to your terms, I am not a lawyer but it would be pretty tough for that to be illegal. – Joel Friedlaender 12 years ago
-
I suggest reading the Facebook story. I think you'll be surprised. – Dj Clayworth 12 years ago
-
I read your link of "an investigation into Facebook". I was not surprised. I saw nothing in there that goes against my point. What exactly did you find in there that made you think this is illegal? Even if something in there did state that (which I do not believe is the case), this pertains to Canadian law, and may not affect the asker, nor many other people. – Joel Friedlaender 12 years ago
-
There's various liability aspects that can come up from keeping data too long - do some research into document retention policies/practices. – Nick Stevens 12 years ago
-
@JoelFriedlaender "The Act is clear that organizations must retain personal information only for as long as necessary to fulfil the organization’s purposes". Keeping backups is not "the organization's purposes". When you've stopped providing the user with the service they asked for then keeping their data unnecessarily is illegal. – Dj Clayworth 12 years ago
-
@DJClayworth I don't agree that your conclusion directly correlates with the statement. As mentioned at the top, I am not a lawyer, I just hope people get real advice before making any decisions on this. There is too much subjective information here that is claimed as fact. – Joel Friedlaender 12 years ago
-
@JoelFriedlaender I agree. People should certainly check with their lawyers. – Dj Clayworth 12 years ago
Be very clear in your cancellation policy. There are situations where a temporary 'soft' delete might be appreciated: accidents happen, accounts get compromised, disgruntled employees act maliciously. It would benefit you if an owner could verify themselves and have their account and data restored. You could keep it for 30 days. It could also be a great excuse to send a former client and email telling them their time is up, but if they would like to return as a customer, you have their data.
You are taking a risk when you manage client's data and there is little reward from former clients. Be dilligent and as Joel recommends, don't forget about the backups. Clients need to know they exist, how long you intend on keeping them, and that they are in a secured location.
In general, not much is deleted these days, as storage is so cheap. However, if you are concerned about server space, why not just archive the "deleted" data to an offline store?
Perhaps you should mention your data-retention policy in your terms, so that people know what will happen. If you are silent on the matter, the rules will depend upon your jurisdiction. Furthermore, in some jurisdictions, whatever you have in your terms is over-ruled by local regulations.
For example, it used to be required to delete telecoms call records within 12 months in Germany, while the UK allowed you to keep them.
-
"We will keep your personal data for ever, even if you ask for it to be deleted" would certainly stop me from signing up for your service. In some countries it would get you in legal trouble. – Dj Clayworth 12 years ago
-
Yes, that's why I mentioned "...the rules will depend upon your jurisdiction." – Steve Jones 12 years ago
-
You seemed to say that the rules will apply only if you are silent on the matter. I think you will find that some rules will apply whatever you say. I believe it's also bad policy to keep users private data for ever. – Dj Clayworth 12 years ago
-
I was talking about defaults, i.e. implied terms of contract. Not worded well, I guess. – Steve Jones 12 years ago
