We need to revisit https://dev.gridrepublic.org/browse/DBOINCP-410 in light of the "right to be forgotten". Right now we:
- Remove (some?) personal information from boinc.user (name, email, signature, ???)
- Anonymize forum posts (to some extend)
We need to clarify what data cleansing we are legally obliged to do:
- Full record removal from boinc.user and boinc.host after all associated workunits and tasks got removed
- Prevent work fetch for user accounts that are flagged for deletion such that they actually run out of work and can be deleted (see previous point)
- Define and implement a rule for regular/periodic deletion of stale accounts
- Cascading Drupal account removal (user, preferences, messages, forum posts)
- How to handle owned topics?
- How to handle comments already quoted by others?
- How to handle owned teams?
- We might be legally obliged to notify sites that use publicized information by us, like the stats sites, about an account removal request!