I am working on a PHP/MySQL driven website with a membership system.
The website allows users to insert and update information on their profile.
I've always been taught to not allow users to delete information from the table, and instead just update it and change the status.
The dilemma I have is this:
I have given the user two options.
Account deactivation - This will keep all their info on their database and allow them to reactivate at a future point.
Account deletion - This will delete all their info and not allow them to reactivate.
For account deletion, should I actually be deleting the information from the database?
Depending on the country in which you operate, there may be regulatory implications of not deleting information on a user after they have requested that you do so. You can, however, make it clear to them at the time of deleting that the data is no longer accessible by the public, but that it will be kept on record for x weeks/months/years. Alternatively, if you have no use for the data, you should remove it from the database.