This is how I usually implement delete. Deleting a record can have many cascading effects and there is no possibility for undoing it if it was an error. I think this is a pretty standard way of doing it.
I agree with the fact a hard delete may have unintended effects, even in the best design, but in my ideal world I'd rather make allowances for that than simply offer my users the illusion I'm deleting their data.
I think that may be a view shared between developers who care about ethical practices, where our personal ideals and how we think we should respect the user take precedence over the data collection and profit motive.
I think it's important to remember websites are dealing with actual people, who aren't a new commodity to be exploited for capital gain. Who aren't little mines full of precious data ready to extract at any cost.
Of course, none of this really matters. Whether you delete something or not, it will be routinely stored, over and over again, on some backup server. It's there forever.
I think it's a bit of a jump to imply that if I don't actually delete the data that I don't care about ethical practices or my users.
For me, at least, it all depends on what 'delete' means to the user. There are some people out there that want 'delete' to mean "I don't want this stored anywhere anymore". There are other users that want it to mean "I don't want to see this anymore".
Unfortunately, people in both groups sometimes regret deleting stuff. Those in the first group accept the responsibility; however, some people in the second group feel as though it's a problem with the system that they are using when they cannot restore the data easily. There are a lot of people that appreciate the "Recycle Bin" in Windows and never empty it.
Now, I've written a number of systems over time and I've implemented 'delete' in most of them. Sometimes I do an actual delete, sometimes I set a flag. It all depends on what I expect my users to actually want. It's got nothing to do with trying to exploit them for capital gain though, that's for sure!
I'd certainly like to think I'm an ethical developer, and I always implement the delete as a flag.
I, however, do not implement an easy way to retrieve deleted data without going into the database or through an administrative interface with heavy auditing.
It isn't just about data mining for customer data -- it's about data mining for site usage and user activity. Using metrics off of visited web pages or tracking that way can be too convoluted when the KISS method is: flag it on the data side and you can interpret flow.
This is one stage of deletes (mark for deletion). The 2nd equally important deletion metric is to purge the deleted records (expunge)... this may be a complicated process, stubbing out or redirecting pointers where need be.
You can force local governments to expunge your data (it's not just off the records, it's forcibly erased).
I think this weight of eternal data is both unnatural and unsustainable. All living things die. Things that don't have a natural cycle of creation and destruction are abominations and should rightfully be feared (see Corporation).
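The two-stage delete discussed in the thread (flag first, expunge later), with restore available only through an audited administrative path, as an added example that is not any poster's code. The table names, function names and the 30-day retention window are assumptions made for illustration.

```python
import sqlite3

RETENTION_DAYS = 30  # assumed retention window; the thread gives no figure

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE posts(id INTEGER PRIMARY KEY, body TEXT, deleted_at INTEGER);
        CREATE TABLE comments(id INTEGER PRIMARY KEY, post_id INTEGER, body TEXT);
        CREATE TABLE audit(actor TEXT, action TEXT, post_id INTEGER, at INTEGER);
    """)
    return db

def _audit(db, actor, action, post_id, now):
    db.execute("INSERT INTO audit VALUES (?,?,?,?)", (actor, action, post_id, now))

def soft_delete(db, actor, post_id, now):
    """Stage 1: flag the row; user-facing queries filter on deleted_at IS NULL."""
    with db:
        db.execute("UPDATE posts SET deleted_at=? WHERE id=? AND deleted_at IS NULL", (now, post_id))
        _audit(db, actor, "soft_delete", post_id, now)

def admin_restore(db, actor, post_id, now):
    """Restore is an administrative action and always leaves an audit row."""
    with db:
        cur = db.execute("UPDATE posts SET deleted_at=NULL WHERE id=? AND deleted_at IS NOT NULL", (post_id,))
        _audit(db, actor, "restore" if cur.rowcount else "restore_miss", post_id, now)
    return cur.rowcount == 1

def visible_posts(db):
    return [r[0] for r in db.execute("SELECT id FROM posts WHERE deleted_at IS NULL ORDER BY id")]

def purge(db, now):
    """Stage 2: expunge rows flagged longer than the window, stubbing out pointers to them."""
    cutoff = now - RETENTION_DAYS * 86400
    with db:
        ids = [r[0] for r in db.execute("SELECT id FROM posts WHERE deleted_at IS NOT NULL AND deleted_at <= ?", (cutoff,))]
        for pid in ids:
            db.execute("UPDATE comments SET post_id=NULL WHERE post_id=?", (pid,))
            db.execute("DELETE FROM posts WHERE id=?", (pid,))
            _audit(db, "purge-job", "purge", pid, now)
    return ids

def demo():
    db = open_db()  # constructed sample rows
    db.execute("INSERT INTO posts(id, body) VALUES (1, 'a'), (2, 'b')")
    db.execute("INSERT INTO comments(id, post_id, body) VALUES (1, 1, 're: a')")
    soft_delete(db, "alice", 1, now=0)
    return db, purge(db, now=(RETENTION_DAYS + 1) * 86400)
```

Once the purge has run, a restore attempt fails and is still recorded in the audit table, so the flag stage does not turn into indefinite retention.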