
Ask HN: “Remove me and all my info entirely from your database and records”? - ezl
Sometimes site users email and ask for "all their information to be removed from the site". This comes in various forms, from "please deactivate my account" (easy) to "Remove all of my information COMPLETELY from your systems" (maybe not so easy).

What are recommended approaches for dealing with this?

I'm assuming that "soft deletion" isn't actually "removing information completely", but trying to engage consumers in that conversation isn't productive.

Also note that if destroying data is on the table, deleting one person's records may necessarily destroy another person's (for example, in-site communication between 2 users).

Considerations:

1. Feasibility: What does this mean? I think some users may mean "scrub traces of my access from your logs, delete database records (and possibly from backups)".

2. Legal/Ethical concerns: What, if any, legal concerns are there with this? What, if any, are the ethical considerations surrounding this type of request?

3. Obligation: What obligation or responsibility does a site have to abide by these sorts of requests, if they _are_ feasible?

4. Recommended practices: Independent of how feasible it is, what the legal or ethical responsibility is, whether such an obligation reasonably exists -- what are some of the ways that people deal with (or recommend dealing with) these types of requests?
======
jlgaddis
The first thing that comes to mind is if you have legal or business
requirements to retain financial information, you may not be able to
_COMPLETELY_ remove all traces of a user.

~~~
greenyoda
That's a good point. One really obvious case of this is that if the user owes
you money or you owe them money, you can't delete their account until the
transactions are settled. And you'd need to keep the records for some period
of time to be able to prove that you paid them, in case they claim otherwise.

Or maybe you've paid the user and need to report the transaction to tax
authorities (e.g., a form 1099). Or you may need to have proof of income or
expenses in case you're audited by the tax authorities.

------
bluejekyll
This is often impractical to the point of being impossible. Rather than doing
this, perhaps designing a system where all PII is hashed through some SHA
method, and a custom ID/salt for the user. If they ask you to delete you say
sure, and remove that one relationship.

This will screw up searching and indexing data though.

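The scheme described in the comment above, as an added illustration that is not code from the thread: PII is stored only as a keyed SHA-256 pseudonym under a random per-user key (the "custom ID/salt"), kept in a separate table; erasure deletes just that key, after which the remaining rows (including any copies in backups) can no longer be linked back to the person. The `ShreddableStore` class and its field names are assumptions for this example; the `find_by` method shows the search cost the comment warns about, since lookups must be recomputed under every live key.

```python
import hashlib
import hmac
import secrets


class ShreddableStore:
    """In-memory sketch of crypto-shredding: PII lives only as HMAC-SHA256
    pseudonyms under a per-user key; deleting the key is the erasure."""

    def __init__(self):
        self.keys = {}     # user_id -> per-user key (the only thing erased)
        self.records = {}  # user_id -> {field: pseudonym}; may persist in backups

    @staticmethod
    def _pseudonym(key, value):
        # Keyed hash rather than salt||value: no offline guessing without the key
        return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

    def create_user(self, user_id, **pii):
        key = secrets.token_bytes(32)  # the user's private "salt"
        self.keys[user_id] = key
        self.records[user_id] = {f: self._pseudonym(key, v) for f, v in pii.items()}

    def matches(self, user_id, field, value):
        key = self.keys.get(user_id)
        if key is None:  # key shredded: the record is unlinkable, even if it still exists
            return False
        return hmac.compare_digest(self.records[user_id][field], self._pseudonym(key, value))

    def find_by(self, field, value):
        # Searching is O(users): every live key must be tried, which is the
        # indexing problem the comment mentions.
        return [uid for uid in self.keys if self.matches(uid, field, value)]

    def erase(self, user_id):
        # Crypto-shredding: drop the key only; rows stay, identity is gone.
        self.keys.pop(user_id, None)
        return user_id not in self.keys


def demo():
    """Constructed sample data; returns (hits before, hits after, row still present)."""
    store = ShreddableStore()
    store.create_user("u1", email="alice@example.com")
    store.create_user("u2", email="bob@example.com")
    before = store.find_by("email", "alice@example.com")
    store.erase("u1")
    after = store.find_by("email", "alice@example.com")
    return before, after, "u1" in store.records
```

This only achieves erasure if the key table is excluded from long-retention backups (or backed up with a short retention of its own); a backup that captures both the keys and the rows defeats the scheme.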
------
benologist
I love when companies have a delete account button, I'm not sure about
conjoined data but if I delete my account I expect to be expunged or
anonymized in a reasonable time and gradually forgotten as backups grow old. I
have deleted my account on lots of websites and would probably delete 200 more
today if they had that facility just for the sheer unlikeliness that I will
need them again.

Think about how many 100s of websites you must have registered on by now...
all those idle accounts just waiting to be sold, hacked, leaked. At least one
of those sites probably has "/accounts.txt" just sitting there, their first
foray into database driven sites.

If I start another company that requires user registration it will definitely
have a delete account button.

------
celticninja
The law will ultimately be the deciding factor; however, adding in some relevant
T&Cs would be a good first step.

Ultimately in most countries you will be required to delete personally
identifying information upon request. I would expect this to include name,
address, DOB etc. It would not include metadata which is not really
identifiable if the previously mentioned data has been deleted. Messages in a
forum are perhaps something you need to consider, but I would push this onto the
user, i.e. allow them to edit/delete old posts.

------
detaro
Where in the world are you?

