Old Deleted Private Messages Have Returned 9 February 2020 at 4:03PM edited 10 February 2020 at 12:42PM in Site feedback 11 replies 271 views

jamesd

MSE_Tine said:

Thank you for letting us know that your previously deleted messages have re-appeared in your inbox and we’re sorry to hear this is causing you distress

Just to be clear on this, the appearance of deleted content appears to be a useful accidental disclosure of possible lawbreaking by MSE and useful rather than distressing.

What is potentially distressing are:

1. the apparent massive breach of trust and law (note 1) by MSE.

2. the apparent need to complain to the Information Commissioner about MSE apparently not placing deleted content beyond access (note 1) by MSE employees for at least fourteen years. Possibly also some employees accessing deleted (or not deleted but "private") content as or not as part of their jobs.

3. the apparent lack of a private messaging feature in the new forum software. There's a group private discussion feature but that isn't the same thing, appears to lack the critical delete functionality. MSE appears to be intending to retain such discussions - and the obligation to keep them secure and private - indefinitely unless forum user adopt the practice of routinely making data removal requests.

In essence MSE is in a position similar to a standard POP3 email provider that has been caught saving emails for decades after the standard email retrieve then delete instruction has been sent and received. It's a gross breach.

Note 1: The concept of placing something beyond reach is an important exception in the law. To understand why, consider a database server. When it is told to delete something it would typically create a new version of the relevant data page that has none of the deleted data in it and that version would be used for new requests for information. The old version containing the deleted data would be marked as deleted but kept around until the last of the already running database transactions finish, so their world doesn't change under them. After that it'd be available for reuse somewhere and effectively gone but still potentially recoverable by corrupted database recovery tools. As long as that recovery was done only due to damage and not to get to specific records the organisation would normally be considered to have made the data beyond access once the delete instruction was carried out. It's obvious that MSE never gave the expected database delete instruction but I've used woolly words like "apparent" to leave scope for MSE to assert that they rendered it beyond access in some other way. Depending on the details, such an assertion could be valid.