With every new project, there is always that one difficult question that must be answered: How do we handle deleting user data?
The discussion is usually centered around the same points:
- What type of data is being stored? Personally identifiable information (PII)? Transaction receipts? Photos?
- What happens if a user or a bad actor deletes something? Do we need the ability to restore?
- Can a user account be canceled/deleted/suspended by the user or an admin?
- Are there legal ramifications for keeping or deleting the user’s data?
- Should there be a retention period?
- What happens if a user has purchased something, and we are legally required to retain those records?
- Must the app comply with a regulation such as GDPR or CCPA, or be certified against a standard such as ISO 27001?
- How much do we trust our users?
These are business questions, and answering them is what makes your deletion policy explicit. The answers will likely drive your Terms of Service, which protects the business, and your Privacy Policy, which protects the user.
We often find that it is impossible to fully delete all user data. Most applications use a relational database in which other tables (orders, messages, audit entries) reference the user's row, so hard-deleting that row either fails a foreign-key constraint or cascades and takes the referenced rows with it. And if the application includes any monetary transactions, you must retain those records for accounting purposes regardless.
What most companies implement instead is a soft delete: the account is marked as deleted or deactivated and its PII columns are scrubbed, while the rest of the record, and everything that references it, stays in place. If the account must later be restored, the only data the user has to re-enter is the PII. Keep in mind that a soft delete only touches the primary database; copies of the same PII in backups, logs, and search indexes need their own retention handling.
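The following is an added example, not code from the original post, showing the pattern above against an in-memory SQLite database. The schema (a `users` table with a `deleted_at` marker and an `orders` table that references it), the sample rows, and the helper names are all constructed for illustration. It shows a hard delete failing on the foreign key, a soft delete that scrubs the PII columns but leaves the order history intact, and a restore that only needs the PII re-supplied.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: orders reference users, and users carry a deleted_at marker.
SCHEMA = """
CREATE TABLE users (
    id         INTEGER PRIMARY KEY,
    email      TEXT UNIQUE,
    full_name  TEXT,
    phone      TEXT,
    deleted_at TEXT              -- NULL while the account is active
);
CREATE TABLE orders (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id),
    amount  INTEGER NOT NULL,    -- cents
    created TEXT NOT NULL
);
"""


def connect():
    """Open an in-memory database and load constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    conn.executescript(SCHEMA)
    conn.execute(
        "INSERT INTO users (id, email, full_name, phone) "
        "VALUES (1, 'ada@example.com', 'Ada Lovelace', '+1-555-0100')"
    )
    conn.execute(
        "INSERT INTO orders (user_id, amount, created) "
        "VALUES (1, 1999, '2024-01-05'), (1, 4500, '2024-02-11')"
    )
    conn.commit()
    return conn


def hard_delete(conn, user_id):
    """Try a real DELETE. Fails while any order still references the user."""
    try:
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:  # FOREIGN KEY constraint failed
        conn.rollback()
        return False


def soft_delete(conn, user_id):
    """Deactivate the account and scrub PII; the row and its orders stay."""
    now = datetime.now(timezone.utc).isoformat()
    cur = conn.execute(
        "UPDATE users SET email = NULL, full_name = NULL, phone = NULL, deleted_at = ? "
        "WHERE id = ? AND deleted_at IS NULL",
        (now, user_id),
    )
    conn.commit()
    return cur.rowcount == 1  # False if the account was already deleted


def restore(conn, user_id, email, full_name, phone):
    """Reactivate a soft-deleted account. Only the PII has to be re-supplied."""
    cur = conn.execute(
        "UPDATE users SET email = ?, full_name = ?, phone = ?, deleted_at = NULL "
        "WHERE id = ? AND deleted_at IS NOT NULL",
        (email, full_name, phone, user_id),
    )
    conn.commit()
    return cur.rowcount == 1


def user_row(conn, user_id):
    """Return (email, full_name, phone, deleted_at) for inspection."""
    return conn.execute(
        "SELECT email, full_name, phone, deleted_at FROM users WHERE id = ?", (user_id,)
    ).fetchone()


def order_total(conn, user_id):
    """Sum of the user's orders; must survive the soft delete."""
    return conn.execute(
        "SELECT COALESCE(SUM(amount), 0) FROM orders WHERE user_id = ?", (user_id,)
    ).fetchone()[0]


def demo():
    """Walk through hard delete, soft delete, and restore; return the observations."""
    conn = connect()
    out = {}
    out["hard_delete_ok"] = hard_delete(conn, 1)            # False: orders reference the row
    out["soft_delete_ok"] = soft_delete(conn, 1)            # True
    out["pii_after_soft_delete"] = user_row(conn, 1)[:3]    # (None, None, None)
    out["orders_after_soft_delete"] = order_total(conn, 1)  # 6499, history retained
    out["second_soft_delete"] = soft_delete(conn, 1)        # False: already deleted
    out["restore_ok"] = restore(conn, 1, "ada@example.com", "Ada Lovelace", "+1-555-0100")
    out["active_after_restore"] = user_row(conn, 1)[3] is None
    out["orders_after_restore"] = order_total(conn, 1)      # still 6499
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The scrub above only covers the three PII columns in this toy schema; in a real application the UPDATE has to cover every column that can hold personal data (addresses, free-text notes, uploaded files) and the same scrub has to be applied to any copies outside the primary database.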
Regardless of where you land, it's important to be up-front with your users about what to expect when they register for or deactivate an account.