In the recent eHarmony decision, the Canadian Privacy Commissioner provided some insight into how web sites with accounts that contain personal information should handle the deactivation and deletion of accounts.  She wrote that:  "PIPEDA requires that organizations develop guidelines and procedures with respect to the retention of personal
information, as well as maximum and minimum retention periods.”  and that organizations should:

“1. Develop, implement and inform users about a retention policy through which personal information in deactivated accounts will be deleted from eHarmony’s servers, erased or anonymized after a reasonable length of time;
2.  Include an account deletion option; and
3.  Explain to users on their member account pages how account deletion is distinct from account deactivation, making both options clear and easily accessible. An explanation of the difference between account deletion and account deactivation should also be written nto the general privacy policy."

This decision provides guidance for the implementation of account deactivation and deletion, the anonymization of data as well as the drafting of terms of use and privacy policy.

In view of the decision, owners of web sites should have their terms of use and privacy policies reviewed.