Please delete my account and remove all information from your system and revoke all of my
certificates associated with <email anonymized>

Before: Arbitrator UlrichSchroeter (A), Respondent: CAcert (R), Claimant: <anonymized> (C), Case: a20100131.1

History Log

Discovery

SELECT id, fname, mname, lname, suffix, dob FROM `users` WHERE email = '<email>';
SELECT n.* FROM `users` u LEFT JOIN `notary` n ON n.`from`=u.`id` OR n.`to`=u.`id` WHERE u.`email` = '<email>';
SELECT d.`domain`, COUNT(dc.id) FROM `users` u LEFT JOIN `domains` d ON d.`memid`=u.`id` LEFT JOIN domaincerts dc ON dc.domid=d.id WHERE u.`email` = '<email>'  GROUP BY d.`id`;
SELECT COUNT(ec.id) FROM `users` u LEFT JOIN emailcerts ec ON ec.memid=u.id WHERE u.`email` = '<email>';

Intermediate Ruling

The sql query result identifies this possible member as an PoJAM case. So therefor I have to intermediate rule that all personal identifiable informations about the user on arbitration file about the under 18 years user have to be anonymized immideatly.

Frankfurt/Main, 2010-11-08

Discovery II

Intermediate Ruling #2

In the discovery phase of this arbitration case, I've found, that there still remains user identifiable data within the system about the user, after the user account has been deleted by the admin console delete function has pressed w/o anonymize the data before using the built-in delete function.

This needs to be repaired, so therefor, the user account in questions needs to be recovered, that a Support-Engineer can access the account and can apply the delete-my-account procedure for SE's including anonymize the user identifiable data in the users account.

So the step here is the Account recovery step.

Therefor I order, critical admin team, to execute following sql query update steps, to recover the users account to a state, a Support-Engineer can hijack the account and applies the Delete My Account Procedure for SEs v2 including a printout to PDF

The user account: Name : xxx Email: xxx ID: xxx

The proposed 3 sql query update lines, that Software-Assessor Michael Taenzer proposed, and I've tested on a local system where <ID> is to be replaced with the user ID of above user:

Frankfurt/Main, 2011-01-26

Discovery III

Intermediate Ruling #3

Frankfurt/Main, 2011-01-28

Discovery IV

(Private Part)

EOT Private Part

Ruling

The original dispute filing "User wishes Account removal" moved to two seperate cases in discovery phase:

  1. the users request of Account removal
  2. PII and problematical sys settings on 1057 of 1074 deleted accounts cases

Part I

  1. I hereby confirm the discovery I steps and resulting Intermediate ruling #1, dated 2010-11-08, to be identified the user as a PoJAM case, that all (C)'s identifiable data to be anonymized under this arbitration file. This step has been executed 2010-11-08 by (A) immediately.
  2. As a former SE executed the delete account request without prior authoritsation by an Arbitrator, the state of PII on users account was in question. The request in discovery phase II result was that there still remains user identifiable data within the system about the user. So therefor the Intermediate ruling #2, dated 2011-01-26 was to recover the deleted account, to process later on the manual delete account procedure for SE's. I hereby confirm intermediate ruling #2.
  3. The users account should be anonymized and deleted as requested by the Claimant.
    • Support has executed the "Delete my Account" procedure for SE's steps thru intermediate ruling execution #3
    • CCA termination date set in intermediate ruling #3 dated 2011-01-28 to: 2010-04-30, I hereby confirm.

Part II

Frankfurt/Main, 2011-02-21

Execution

Similiar Cases

a20090703.2

please remove me from the database (deleted by SE)

a20080702.1

User requests to delete account with Assurance Points

a20090618.3

Assurer requests to delete account

a20090618.5

User requests to delete account with no Assurance Points

a20090826.1

User wants account deleted, no Assurance Points, no certificates

a20090926.1

User wants account deleted, no Assurance Points, no certificates

see also: Arbitrations Training Lesson 20 - Arbitration Case - Delete Account Request

a20090810.2

User requests removal of first (incorrect) account.

a20080702.1

User requests to delete account with Assurance Points

a20080702.1

Assurer requests to delete account

a20090703.2

please remove me from the database (SE special case)

a20090913.1

user want that we remove his name and email from lists archive


Arbitrations/a20100131.1 (last edited 2011-02-21 03:58:33 by UlrichSchroeter)