Sat Sep 12 16:05:27 GMT 2009
I think there's perfectly reasonable scenarios for both soft and hard deletes, with and without audit trails.
1. Soft delete:
A user signs off of your service, but you need to keep (anonymized) stats data consistent for your customers - here you cannot remove the entire user, you just blank his personal data (name, email, phone, ...) and keep the anonymized statistical data (country, birth year, profession).
2. Soft (or super-soft) delete with audit trail:
Any financial transaction data, even if entered by error, may only be corrected by adding a correction entry, not by deleting the erroneous entry, or the IRS will be all over you. So either you flag it as deleted (soft delete) or you correct it by adding another entry ("super-soft delete").
3. Hard delete with audit trail:
A user unsubscribes from your newsletter. No need to keep the info "he once was subscribed to it" in the live database, but need to keep the info somewhere accessible in case he sues you for spamming and you can prove "but back in August when you got the mail, you were still subscribed".
4. Hard delete with no audit trail:
Personal data as in #1 if your local data protection laws require. (This means *no* more storing, *anywhere*, technically speaking not even in last month's backup, but that's another issue altogether.)
And Udi think is real life, people usually never really delete something - http://www.udidahan.com/2009/09/01/dont-delete-just-dont/
(google search) (amazon search)