Also keep in mind the perspective and context that the end user has no way of knowing.
And even if the data can be recovered in an unofficial manner whether they will actually bother is highly unlikely if they care as little as they most obviously do.
So, as a user it is a pretty safe bet to just assume it is gone (but do keep poking).
"Your data has been deleted" pretty much has always meant that it was deleted from the live servers and that the deletion will propagate through backups depending on the orgs retention policy/requirements.
MailChimp, the organization, first stated that all data was completely wiped, and when threatened, promptly produced the previously wiped data. MailChimp, as an organization, lied. It doesn't matter if the support agent didn't have the capabilities or not, that's an internal thing.
The organization knows that they have the data, but they trained their staff to reply that it was destroyed.
That's a lie. Not an untrue statement, but a deliberate lie.
If I turn on Windows Backup on my Mom's laptop and she right clicks a file and selects "Delete" is the expected behavior that it be deleted in every backup as well?
> Are you suggesting that the delete command shouldn't be trusted because there might be a backup of the file somewhere?
No, the exact opposite in fact.
Am saying that if you weren't told there's a backup, you'll not think there's one and treat the data as completely deleted, even if they really aren't.
We don't know the exact messages. If the poster asked for a copy of his data and was told it was deleted, then yes, that was a lie (although possibly the person sending the message genuinely might not have known better, which puts the fault more nebulously at "the company"). If they asked why their account was gone and the response said "all data has been deleted" without offering a copy of it, it's just bad service.
(Although given privacy regulations, it's a bad sign if a support agent can't give a precise answer about data stored or at least know not to make unchecked claims about it)
Either the data is deleted or it's not. If I send you a GDPR request, you reply "it's all deleted" then at a later date, data magically appears, that's an obvious per se violation.
>>"Your data has been deleted" pretty much has always meant that it was deleted from the live servers and that the deletion will propagate through backups depending on the orgs retention policy/requirements.
No it doesn't. Deleted most places means deleted and gone forever. There are a number of legal requirements (in the U.S.) at least when dealing with certain government organizations, and many non ones as well surrounding this. Think of it this way, a customer comes and says, there is sensitive information on your server, and since we no longer want to do business with you, you are now required to delete it. Normally there is an end date to allow the backups to be purged through propagation etc., but at the end, when they say it's deleted, it means deleted from everywhere. Sometimes this also means completely wiping drives so there is absolutely no trace of it left.
That's...fascinating. While we have lots of corporate personhood, I normally disregard blaming specific actions on a company because at the end of the day a person makes the call. But here you've pointed out that a company, operating as a collection of people, can "act" in ways that may be unintentional or may be deliberate, but are hard to pin down to a specific person.
Definitely worth considering in more depth, thanks for the perspective.
It's the main reason for corporate structure in the first place. To shield individuals from personal liability. CEO tell VP who tells Senior Manager who tells Department Manager who tells worker bee to do something. Everyone has an out. They either were "misunderstood" or they were "following instructions"
Yknow the paperclip maximizer? The thing where a paperclip company makes an AI that takes over everything, making it into paperclips? Well, actually you don't need any fancy AI. The paperclip company is already a [Local Currency] maximizer from the start.
Check out The Myth of the Machine by Lewis Mumford, specifically the second volume The Pentagon of Power, which gets into the idea of the modern "megamachine"
Exactly. Corporate structures, governance, and regulation have been formulated to treat corporations as "persons".
Well, that "person" lied. Regardless of the specific agency it employed in doing so.
(And, this type of banning and cut-off from data is obviously -- just look at the comments here -- not a one-off scenario. I find it difficult to believe that the consequences, including the customer's lost access to their data, were not thought about by MailChimp, as an organization and by people in their official roles within MailChimp.)
P.S. As I've grown older and observed and thought about things, I've come to see this as a primary role of the corporation or other such entity: To "dilute" responsibility and accountability to the extent that no member -- or, no member who has sufficient influence, who "matters" -- is ever held personally accountable for their actions within and on behalf of the corporation. [Addendum: And, in turn, the corporation is never truly held accountable, because the employees involved "lacked knowledge". Nicely circular, eh? By the way, I don't consider paying a dollar amount that is often a fraction of the gains realized by the behavior, to be "being held accountable".]
I've stopped letting people in such corporate or institutional roles off the hook, just because "they didn't know". Or rather, I've stopped letting the corporations and institutions off the hook because employee X didn't know. All too often, it's set up precisely that way and on purpose.
The first level support person isn't lying if he/she doesn't truly know whether the data is recoverable. A manager higher up, who approved the script and knows better, is lying however. To the end user it makes no difference who the liar is, only the the lie is being told.
It goes lots deeper than that. It's not uncommon for corporations to be setup to prevent leaking or discovery of sensitive information. Military intelligence agencies are notorious for that.
Top executives maintain ignorance of operational unpleasantness. Technical staff know operational specifics, but little about business design and usage. Intermediate management know pieces of business design and usage, but nothing about technical implementation.
Nobody needs to lie, and still there's often no way to know for sure what happened.
I once had a job where I eventually figured out this was implicitly was I was hired to do, be the guy who gets lied to so it's not a lie when you tell the customer. I didnt last long.
You exaggerate, but actually, this is a good reason to avoid accusing people of lying unless you understand the situation pretty well. Honest mistakes do happen a lot.
It doesn't matter if the individual people at MailChimp were liars.
What matters is that the institution as a whole - the way their policies and procedures come together - lied.
The institution certainly knows of it's capabilities. It deliberately chose to not tell that to it's CS reps, because of a multitude of reasons, that come down to 'It makes our/their jobs easier.'
My ISP, for example, lies to me every time I make a call to customer service. Is the front-line CS rep lying to me? No. But his employer is, by making him tell me a pile of bullshit about why my Internet is busted - again.
Well, but that's anthropomorphizing. Institutions don't really know things, people do. Getting stuff out of one person's head to all the people that could use it actually takes a lot of effort. (Look at how terrible medical record systems are.)
Also keep in mind the perspective and context that the end user has no way of knowing.
And even if the data can be recovered in an unofficial manner whether they will actually bother is highly unlikely if they care as little as they most obviously do.
So, as a user it is a pretty safe bet to just assume it is gone (but do keep poking).