
Ask HN: How should I manage removing customer data and backups? - kaptain
This question has a couple of different aspects to it; the main aspect to be addressed, though, is the relationship between customer data and backups.

1. One of our customer promises is to remove customer data when a customer has stopped using our service. Is a `DELETE FROM data WHERE userID=5` plus a `rm -rf data_attachments/customerID/5` sufficient? Are there other methods of data disposal I should consider? Are there other issues to think about?

2. We regularly back up all of our data. Because each customer's data is a subset of the application data, that data is stored in the backups. When a business entity says that it has destroyed all customer data, what does it mean for that data to still exist in the backups? Is this legal? Are there solutions to this? One "brainstorm" solution was to go back into the backups, decompress the archive, wipe that customer's data from that data set, recompress, and re-store it. It seems to me that fiddling with backups destroys the purpose of a versioned backup.
======
mtmail
You can encrypt the user data, let's say files or photos, with a user key and
store the key in the user record in your database. Even if the backup
is on tape (hard to delete just one file), deleting the encryption key from the
database renders it useless.

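Added example (not code from the thread or from any commenter) of the per-customer-key approach described above, usually called crypto-shredding. It assumes a constructed layout: attachments are encrypted under a per-customer key before they are written to `data_attachments/<customerID>/...`, the tape backup holds only the ciphertexts, and the keys live in a separate key store. The toy cipher (SHAKE256 keystream XOR plus an HMAC-SHA256 tag) is a stand-in for AES-GCM from a real crypto library so the script runs on the standard library alone. The one caveat the comment leaves implicit is shown in `demo()`: the key must not sit in the same long-lived backup as the data, otherwise an old database dump still carries the key and nothing has been shredded.

```python
"""Crypto-shredding demo (added example, constructed data throughout)."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce. Demo cipher standing in for AES-GCM."""
    nonce = os.urandom(NONCE_LEN)
    keystream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then strip the keystream. Raises on tampering."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    keystream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


class KeyStore:
    """Per-customer keys. Assumption: backed up separately from the data, with
    short retention, so an old data backup never carries a shredded key."""

    def __init__(self):
        self._keys = {}

    def create(self, customer_id: int) -> None:
        self._keys[customer_id] = os.urandom(32)

    def get(self, customer_id: int):
        return self._keys.get(customer_id)

    def shred(self, customer_id: int) -> None:
        # Deleting the key is what makes every backup copy of the ciphertext useless.
        self._keys.pop(customer_id, None)


class AttachmentStore:
    """Stands in for data_attachments/<customerID>/<name> on disk."""

    def __init__(self, keys: KeyStore):
        self.keys = keys
        self.files = {}  # (customer_id, name) -> ciphertext

    def put(self, customer_id: int, name: str, data: bytes) -> None:
        self.files[(customer_id, name)] = encrypt(self.keys.get(customer_id), data)

    def snapshot(self) -> dict:
        """What goes to tape: ciphertext only, no keys."""
        return dict(self.files)

    def delete_customer(self, customer_id: int) -> None:
        """The rm -rf from the question, plus the key shred."""
        for k in [k for k in self.files if k[0] == customer_id]:
            del self.files[k]
        self.keys.shred(customer_id)


def read_from_backup(backup: dict, keys: KeyStore, customer_id: int, name: str):
    """Return the plaintext if the customer's key still exists, else None."""
    key = keys.get(customer_id)
    blob = backup.get((customer_id, name))
    if key is None or blob is None:
        return None
    return decrypt(key, blob)


def demo() -> dict:
    keys = KeyStore()
    store = AttachmentStore(keys)
    for cid in (5, 6):
        keys.create(cid)
        store.put(cid, "invoice.pdf", b"constructed invoice for customer %d" % cid)
    backup = store.snapshot()          # nightly backup, taken while customer 5 is active
    before = read_from_backup(backup, keys, 5, "invoice.pdf")
    store.delete_customer(5)           # offboarding: rm -rf plus key shred
    after = read_from_backup(backup, keys, 5, "invoice.pdf")
    other = read_from_backup(backup, keys, 6, "invoice.pdf")
    return {
        "before": before,                       # readable while the key exists
        "after": after,                         # None: ciphertext on tape, key gone
        "other": other,                         # other customers are unaffected
        "backup_still_has_blob": (5, "invoice.pdf") in backup,  # the bytes remain
    }


if __name__ == "__main__":
    print(demo())
```

The blob for customer 5 is still physically on the backup after offboarding; what changed is that no key exists anywhere that can open it. That is the whole argument for putting the key store under its own, shorter backup retention rather than inside the nightly database dump the question describes.
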
------
LarryMade2
How about logging your deletions so if you need to recover from backup you can
play out the deletion log to take care of such things.
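
Added example (not the commenter's code) of the deletion-log replay suggested above, on a constructed in-memory table. The snapshot records the sequence number it was taken at, every customer deletion is appended to a log that holds only the customer ID and a sequence number (never the deleted content, so the log itself can be retained), and a restore loads the snapshot and then replays every deletion logged after it. `demo()` contrasts this with a naive restore that resurrects the departed customer.

```python
"""Backup restore with deletion-log replay (added example, constructed data)."""
from copy import deepcopy


class Database:
    def __init__(self):
        self.rows = {}          # row_id -> {"customer_id": int, "payload": str}
        self.deletion_log = []  # append-only: {"seq": int, "customer_id": int}
        self.seq = 0            # monotonic counter; a real DB would use its LSN or a timestamp

    def insert(self, row_id: int, customer_id: int, payload: str) -> None:
        self.seq += 1
        self.rows[row_id] = {"customer_id": customer_id, "payload": payload}

    def delete_customer(self, customer_id: int) -> None:
        """DELETE FROM data WHERE customer_id = ?  plus one log entry (ID only)."""
        self.seq += 1
        self.rows = apply_deletion(self.rows, customer_id)
        self.deletion_log.append({"seq": self.seq, "customer_id": customer_id})

    def snapshot(self) -> dict:
        """Full backup: the rows plus the sequence number the backup was taken at."""
        return {"seq": self.seq, "rows": deepcopy(self.rows)}


def apply_deletion(rows: dict, customer_id: int) -> dict:
    return {rid: row for rid, row in rows.items() if row["customer_id"] != customer_id}


def restore_naive(snapshot: dict) -> dict:
    """Plain restore: brings back everything that was in the backup."""
    return deepcopy(snapshot["rows"])


def restore_with_replay(snapshot: dict, deletion_log: list) -> dict:
    """Load the snapshot, then replay every deletion logged after it was taken."""
    rows = deepcopy(snapshot["rows"])
    for entry in sorted(deletion_log, key=lambda e: e["seq"]):
        if entry["seq"] > snapshot["seq"]:
            rows = apply_deletion(rows, entry["customer_id"])
    return rows


def customers_in(rows: dict) -> list:
    return sorted({row["customer_id"] for row in rows.values()})


def demo() -> dict:
    db = Database()
    db.insert(1, 5, "customer 5 record A")
    db.insert(2, 5, "customer 5 record B")
    db.insert(3, 7, "customer 7 record")
    backup = db.snapshot()   # nightly backup while customer 5 is still active
    db.delete_customer(5)    # customer 5 leaves; the deletion is logged
    return {
        "naive": customers_in(restore_naive(backup)),                     # [5, 7]
        "replayed": customers_in(restore_with_replay(backup, db.deletion_log)),  # [7]
    }


if __name__ == "__main__":
    print(demo())
```

The replay has to run as part of every restore procedure, not as an optional step, and the log must be kept at least as long as the oldest backup it has to be replayed against; a log entry older than the snapshot is skipped because that deletion is already reflected in the snapshot.
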

