

Deleting vs. "deactivating" information? - jmiller_hn

Consider a typical social networking situation: John, a member of Site X, invites Mary to become a member. In doing so, Site X sends Mary an e-mail containing the invitation, some of whose content is provided by John.

Question 1: Should Site X retain a copy of the email's contents, particularly the part from John?

Question 2 (extra credit): Before Mary can accept John's invitation, John retracts it through some standard feature offered by Site X. Should Site X mark that invitation as "retracted", but, in doing so, retain the information that John had sent and retracted the invitation? Or should it delete all traces of the invitation ever having been sent?

Assume that Site X's actions are consistent with the site's terms and conditions, to which John and Mary agree upon joining.

When I put my privacy hat on, I know how the site should behave: keep as little as possible, and delete as much as possible. But, as the site founder/developer/whatever, I'd think that having records of the interaction between John and Mary would be legally comforting (e.g., Mary sues John for harassment, and sues Site X along the way). Or, again from that legal perspective, would I actually be better off having no record of the interaction at all? IANAL, obviously.

Thoughts?
======
maxawaytoolong
I don't know how you're set up, but when I did database-backed web development
back in 2001, actually deleting all of a user's information was non-trivial.
It would either mess up the integrity of the database, causing unpredictable
errors later, or would involve long, costly delete cascades. So when sites
like Facebook just de-activate you, I just assume it's because it is a pain in
the ass to actually do the delete, not that they really care that much about
keeping your data around to give to the CIA later...

So... I dunno, with your site, CAN you actually delete everything without it
being a huge technical burden to do so?

~~~
jmiller_hn
Yet another good point; I've run into that, too. In this case, the information
is relatively segmentable, so it could be deleted without causing lots of
chaotic running around the database, dumping this and that.

------
maxdemarzi
You are forgetting database back-ups.

John sends an e-mail to Mary, database gets backed up, John retracts e-mail.
Whether you delete or retain the email information in your current records, it
got saved overnight during the db back-up. If that db was a weekly or monthly
backup that you keep for a year or longer, then you have it.

I think it has become extremely difficult to remove all trace of our online
actions.

Fight for privacy, but act like you are being watched, otherwise you'll come
to regret it sooner or later.

~~~
jmiller_hn
True enough; good point. My concern right now is finding the right balance
between (a) doing the Right Thing re privacy and (b) ensuring that my site
doesn't get sued out of existence because it kept (or didn't keep) some
information it should (or shouldn't) have.

So: If you (or someone else out there) were writing the code dealing with
these parts of the site, would you preserve that information in the database,
with the intent of keeping it for an arbitrarily long time, or not keep/delete
it?

