EXTENDED: You've got another week to add your travel & holiday deals questions for expert MSE Oli as part of the latest Ask An Expert event.
Old Deleted Private Messages Have Returned
edited 10 February 2020 at 12:42PM in Site feedback
11 replies 271 views
This discussion has been closed.
Latest MSE News and Guides
Energy Price Cap change
Martin Lewis on what it means for youMSE News
Best £1 you've ever spent?
Share your most impressive bargainsMSE Forum
New MSE Forum avatars available
Try 'em out nowMSE Forum
What is potentially distressing are:
1. the apparent massive breach of trust and law (note 1) by MSE.
2. the apparent need to complain to the Information Commissioner about MSE apparently not placing deleted content beyond access (note 1) by MSE employees for at least fourteen years. Possibly also some employees accessing deleted (or not deleted but "private") content as or not as part of their jobs.
3. the apparent lack of a private messaging feature in the new forum software. There's a group private discussion feature but that isn't the same thing, appears to lack the critical delete functionality. MSE appears to be intending to retain such discussions - and the obligation to keep them secure and private - indefinitely unless forum user adopt the practice of routinely making data removal requests.
In essence MSE is in a position similar to a standard POP3 email provider that has been caught saving emails for decades after the standard email retrieve then delete instruction has been sent and received. It's a gross breach.
Note 1: The concept of placing something beyond reach is an important exception in the law. To understand why, consider a database server. When it is told to delete something it would typically create a new version of the relevant data page that has none of the deleted data in it and that version would be used for new requests for information. The old version containing the deleted data would be marked as deleted but kept around until the last of the already running database transactions finish, so their world doesn't change under them. After that it'd be available for reuse somewhere and effectively gone but still potentially recoverable by corrupted database recovery tools. As long as that recovery was done only due to damage and not to get to specific records the organisation would normally be considered to have made the data beyond access once the delete instruction was carried out. It's obvious that MSE never gave the expected database delete instruction but I've used woolly words like "apparent" to leave scope for MSE to assert that they rendered it beyond access in some other way. Depending on the details, such an assertion could be valid.