Support / Training
Support Handbook / Precedent cases / Precedent case a20140713.1
How to handle "delete account" cases that are similar to precedent case a20140713.1 "Delete Accounts last assurance older than 7 years" (WIP)
TRIAGE shall move all account deletion requests to the SE queue.
Preconditions
- the account shows assurances all older than 7 years
If this precondition is not fulfilled, the request needs to be moved to the dispute queue.
Maybe some other conditions should be checked. If the member has a role, support should know anyway and can check the staff list. That the member is involved in an arbitration is unlikely, but in case of suspicion, support should check.
Step 1
Write a mail to the user to make sure that they really want their account deleted. The mail is similar to the one from Delete my Account cases Init mailing.
Initial mail to user
Dear <user>, We received a deletion request for your CAcert account dated ####-##-##. As your account shows <xxx> assurances given, CAcert needs to make sure that the data protection rules are obeyed. Therefore CAcert needs to prove that the CAcert Assurance Programme (CAP) form used for the assurances are destroyed in a secure manner. Please answer this mail within 21 days (deadline set to: ####-##-##). In the answer you have to point out that you destroyed all CAP forms in your possession in a secure manner and now want your account deleted. The answer should be signed with CARS (CAcert Assurer Reliable Statement) [1]. Otherwise this case will be reviewed by an Arbitrator. If you want to delete your account because you have lost the access to it, an alternative may be to try to recover your account. In this case your assurance points, Experirence points, domains, and certificates would be retained. For more information see [2]. The process for the deletion of an account is laid out in the precedent arbitration case a20140713.1 [3]. [1] http://wiki.cacert.org/AssuranceHandbook2#CAcert_Assurer_Reliable_Statement [2] http://wiki.cacert.org/FAQ/LostPasswordOrAccount [3] http://wiki.cacert.org/Arbitrations/a20140713.1 -- Kind Regards <SUPPORT TEAM MEMBER> CAcert support
Initial mail to user, mixed English and German Version
Die folgenden Formalien müssen in Englisch sein. Ich füge jeweils die deutsche Übersetzung hinzu. Sie können in Deutsch antworten. Soweit nötig, übersetze ich es dann ins Englische. We received a deletion request for your CAcert account dated ####-##-##. If this does not represent your wish, please respond within 21 days (deadline set to: ####-##-##). Wir erhielten die Anfrage, Ihr CAcert-Konto zu löschen mit Datum von ####-##-##. Wenn dies ein Versehen war, antworten Sie entsprechend innerhalb von 21 Tagen (Frist bis ####-##-##). As your account shows <xxx> assurances given, CAcert needs to make sure that the data protection rules are obeyed. Therefore CAcert needs to prove that the CAcert Assurance Programme (CAP) form used for the assurances are destroyed in a secure manner. Da in Ihrem Konto <xxx> gegebene Assurances zu sehen sind, muss sich CAcert vergewissern, dass die Datenschutzbestimmungen eingehalten werden. Daher muss CAcert nachweisen können, dass die für diese Assurances benutzten CAP-Formulare (CAcert Assurance Programme) zuverlässig vernichtet sind. Please answer this mail within 21 days (deadline set to: ####-##-##). In the answer you have to point out that you destroyed all CAP forms in your possession in a secure manner and now want your account deleted. The answer should be signed with CARS (CAcert Assurer Reliable Statement) [1]. Otherwise this case will be reviewed by an Arbitrator. Bitte beantworten Sie diese Mail innerhalb von 21 Tagen (Frist bis ####-##-##). In der Antwort haben Sie darzulegen, dass Sie alle in Ihrem Besitz befindlichen CAP-Formulare zuverlässig vernichtet haben und Sie Ihr Konto jetzt gelöscht haben wollen. Ihre Antwort soll mit dem Zusatz CARS [1] unterschrieben sein. Andernfalls wird dieser Fall durch einen Arbitrator geprüft. If you want to delete your account because you have lost the access to it, an alternative may be to try to recover your account. In this case your assurance points, Experirence points, domains, and certificates would be retained. For more information see [2]. Wenn Sie Ihr Konto löschen wollen, weil Sie keinen Zugriff mehr darauf haben, sollten Sie besser versuchen, wieder an Ihr Konto heran zu kommen. Wenn Sie Ihr Konto wiederherstellen, bleiben Ihre Assurance-Punkte, Erfahrungspunkte, Domains und Zertifikate erhalten. Sehen Sie [2] an für mögliche Wege. The process for the deletion of an account is laid out in the precedent arbitration case a20140713.1 [3]. Das Vorgehen beim Löschen eines Kontos ist im Arbitration-Präzedenzfall a20140713.1 [3] dargelegt. [1] http://wiki.cacert.org/AssuranceHandbook2#CAcert_Assurer_Reliable_Statement [2] http://wiki.cacert.org/FAQ/LostPasswordOrAccount [3] http://wiki.cacert.org/Arbitrations/a20140713.1 -- Kind Regards <SUPPORT TEAM MEMBER> CAcert support
The deadline needs to be set to 21 days from the date of processing.
Before sending the initial mail to the claimant:
- set the next ticket state to "pending reminder"
- the pending date to the deadline date
- the type of issue to "Delete account precedent".
Step 2
- if the user confirms the destruction of the CAP forms, continue
- if there is no response until the deadline, transfer the case to arbitration
- otherwise see what has to be done
The data for the anonymising string is taken from the next number at the bottom of the precedent case a20111128.3 following this structure a20111128.3.x where x is the next free number, see Audit Section of precedent case a20111128.3. To differentiate this case from the standard case a20111128.3, an 'A' is added after the date in the field "CCA termination date".
Depending on the latest expiry or revocation date of the certificates, there are two different steps to proceed.
a: No certificates used or the last certificate has expired or was revoked more then 3 months ago
Document the delete account issue by adding it to the table at the end of the Audit Section of precedent case a20111128.3 with:
- Support ticket number
Arbitration number + consecutive number => a20111128.3.#
- CCA termination date (this is the SE's execution date) and add an 'A' after the date to mark it "with Assurances" for a20140713.1 instead of a20111128.3
SE anonymizes the account following the Delete Account Procedure using the anonymising string stated above.
As the CCA is terminated immediately with the execution of the "delete account" procedure, the user needs to be informed that the execution was successful. The CCA termination date is the date of the execution.
Hello <user>, I executed your request to delete your account following the ruling of the precedent case a20140713.1 [1]. The account is now deleted and CCA [2] is terminated on <yyyy-mm-dd>. [1] http://wiki.cacert.org/Arbitrations/a20140713.1 [2] http://www.cacert.org/policy/CAcertCommunityAgreement.php CAcert Community Agreement -- Kind Regards <SUPPORT TEAM MEMBER> CAcert support
With German translation:
I executed your request to delete your account following the ruling of the precedent case a20140713.1 [1]. Ich habe Ihr Konto entsprechend der Entscheidung des Präzedenzfalls a20140713.1 [1] gelöscht. The account is now deleted and CCA [2] is terminated on <yyyy-mm-dd>. Das Konto wurde jetzt gelöscht und die Vereinbarung der CAcert-Gemeinschaft ist mit Wirkung vom ####-##-## beendet. [1] http://wiki.cacert.org/Arbitrations/a20140713.1 [2] http://www.cacert.org/policy/CAcertCommunityAgreement.php CAcert Community Agreement
b: the last certificate has expired or was revoked less than 3 months ago
Inform the user that the delete account procedure is put on hold until a 3 month period after the last certificate has expired or was revoked.
Dear <user>, your request to delete your account is on hold until <yyyy-mm-dd> due to the fact that there is a 3 month retention time to the latest certificate expiration or revocation date which is <yyyy-mm-dd>. This retention time is given by arbitration ruling [1]. Meanwhile I will lock your account so nobody except support is able to access your account. If you would change your mind in the meantime, it would be easy to unlock your account. I will execute the account deletion when the waiting time is over, so you do not need to take any actions. [1] http://wiki.cacert.org/Arbitrations/Training/Lesson20#CCATermCalc -- Kind Regards <SUPPORT TEAM MEMBER> CAcert support
With German translation:
your request to delete your account is on hold until <yyyy-mm-dd> due to the fact that there is a 3 month retention time to the latest certificate expiration or revocation date which is <yyyy-mm-dd>. This retention time is given by arbitration ruling [1]. Ihre Anforderung, Ihr Konto zu löschen, ist zurückgestellt bis zum ####-##-##, da nach dem Auslaufern oder Widerrufen des letzen Zertifikats eine Wartezeit von drei Monaten einzuhalten ist. Dieser Zeitpunkt ist der ####-##-##. Sie ist festgelegt in der Entscheidung von [1]. Meantime I will lock your account so nobody except support is able to access your account. If you would change your mind in the meantime, it would be easy to unlock your account. Bis dahin sperre ich Ihr Konto, so dass niemand außer Support darauf zugreifen kann. Sollten Sie Ihre Meinung ändern, kann ich leicht Ihr Konto wieder freigeben. I will execute the account deletion when the waiting time is over, so you do not need to take any actions. Wenn die Wartezeit um ist, werde ich Ihr Konto löschen. Sie brauchen nichts weiter zu tun. [1] http://wiki.cacert.org/Arbitrations/Training/Lesson20#CCATermCalc
After sending the mail to the user:
- move the ticket to the queue "Pending for action"
- add a free field topic "Reminder Date", content rentention date.
- unlock tikcet
Lock the account for the retention time. (Needs to be clarified by arbitrations)
Once the retention date is reached, continue with "a:" with the execution date as CCA termination date.
Reference documents
[1] Precedent case a20140713.1 [1] Precedent case a20111128.3 [2] Delete Account Procedure [3] Delete my Account cases Init mailing