OGreger, in the past it may have been true that disk storage was expensive and slow enough that deleting data was something that people worried about.
It seems to me that this should really no longer be an issue and should be considered harmful. I'm not talking about keeping terrabytes of data on each user, and i'm not talking about refusing to delete sensitive security information that should be purged.
But I am saying that if you are writing a software system, and think to yourself "we can save 10% of the database size if we purge old accounts" then take a deep breath and don't do it.
In fact, I'd venture a rule of thumb that would go something like this, until you are talking about growing the database to 1000% of it's normal size, i would not even consider purging items from the database, and at that point you would do well to simply *move* such inactive accounts to a secondary database, and not eliminate the data.
Perhaps another way to view what I am trying to emphasize from a programming perspective is this:
As programmers when we are writing a system (for example a forum system), we often fail to plan for the idea of *disabled* items.
So imagine you are designing a forum system, which creates user accounts, posts, sections, etc. Now there will be times when you need to eliminate such user accounts, posts, sections, etc. Now ask yourself -- are these actions reversible, preserving all old information? Do you have a way to disable instead of purge these items? Are all your functions coded in such a way that they distinguish between "disabled" items and normal items? Or is your code set up such that you have to actually permanently purge such accounts to disable them.
Some "defensive" programming practices have become more commonplace in modern programming, such as test case generation and source control. But issues of Auditing/Logging1
are much less common. I'd like to suggest this concept is an important one as well, which might be called: "Disabling over Deleting
1 recently i discovered i had made a change that had misconfigured the email address that requests for the silly cody kits were being sent. after a month had past that i figured out the form submissions were never being sent. i was able to recover all of the submissions because i had created in the script a backup procedure that always logged form submissions into a simple text file at time of submission -- not as convenient to parse but as a redundant backup system it worked perfectly.