Support / Training

Support Handbook / Precedent cases / Precedent case a20140713.1

How to handle "delete account" cases that are similar to precedent case a20140713.1 "Delete Accounts last assurance older than 7 years" (WIP)

TRIAGE shall move all account deletion requests to the SE queue.

Preconditions

If this precondition is not fulfilled, the request needs to be moved to the dispute queue.

Maybe some other conditions should be checked. If the member has a role, support should know anyway and can check the staff list. That the member is involved in an arbitration is unlikely, but in case of suspicion, support should check.

Step 1

Write a mail to the user to make sure that they really want their account deleted. The mail is similar to the one from Delete my Account cases Init mailing.

Initial mail to user

Dear <user>,

We received a deletion request for your CAcert account dated ####-##-##.

As your account shows <xxx> assurances given, CAcert needs to make sure 
that the data protection rules are obeyed. Therefore CAcert needs to 
prove that the CAcert Assurance Programme (CAP) form used for the 
assurances are destroyed in a secure manner.

Please answer this mail within 21 days (deadline set to: ####-##-##). 
In the answer you have to point out that you destroyed all CAP forms 
in your possession in a secure manner and now want your account deleted. 
The answer should be signed with CARS (CAcert Assurer Reliable 
Statement) [1]. Otherwise this case will be reviewed by an Arbitrator.

If you want to delete your account because you have lost the access to
it, an alternative may be to try to recover your account. In this case
your assurance points, Experirence points, domains, and certificates would
be retained. For more information see [2].

The process for the deletion of an account is laid out in the precedent
arbitration case a20140713.1 [3].

[1] http://wiki.cacert.org/AssuranceHandbook2#CAcert_Assurer_Reliable_Statement
[2] http://wiki.cacert.org/FAQ/LostPasswordOrAccount
[3] http://wiki.cacert.org/Arbitrations/a20140713.1

-- 
Kind Regards
<SUPPORT TEAM MEMBER>
CAcert support

Initial mail to user, mixed English and German Version

Die folgenden Formalien müssen in Englisch sein. Ich füge jeweils die 
deutsche Übersetzung hinzu. Sie können in Deutsch antworten. Soweit 
nötig, übersetze ich es dann ins Englische. 

We received a deletion request for your CAcert account dated ####-##-##.
If this does not represent your wish, please respond within 21 days
(deadline set to: ####-##-##).

Wir erhielten die Anfrage, Ihr CAcert-Konto zu löschen mit Datum von
####-##-##. Wenn dies ein Versehen war, antworten Sie entsprechend 
innerhalb von 21 Tagen (Frist bis ####-##-##). 

As your account shows <xxx> assurances given, CAcert needs to make sure 
that the data protection rules are obeyed. Therefore CAcert needs to 
prove that the CAcert Assurance Programme (CAP) form used for the 
assurances are destroyed in a secure manner.

Da in Ihrem Konto <xxx> gegebene Assurances zu sehen sind, muss sich 
CAcert vergewissern, dass die Datenschutzbestimmungen eingehalten 
werden. Daher muss CAcert nachweisen können, dass die für diese 
Assurances benutzten CAP-Formulare (CAcert Assurance Programme) 
zuverlässig vernichtet sind.

Please answer this mail within 21 days (deadline set to: ####-##-##). 
In the answer you have to point out that you destroyed all CAP forms 
in your possession in a secure manner and now want your account deleted. 
The answer should be signed with CARS (CAcert Assurer Reliable 
Statement) [1]. Otherwise this case will be reviewed by an Arbitrator.

Bitte beantworten Sie diese Mail innerhalb von 21 Tagen (Frist bis
####-##-##). In der Antwort haben Sie darzulegen, dass Sie alle in 
Ihrem Besitz befindlichen CAP-Formulare zuverlässig vernichtet haben 
und Sie Ihr Konto jetzt gelöscht haben wollen. Ihre Antwort soll mit 
dem Zusatz CARS [1] unterschrieben sein. Andernfalls wird dieser 
Fall durch einen Arbitrator geprüft.

If you want to delete your account because you have lost the access to
it, an alternative may be to try to recover your account. In this case
your assurance points, Experirence points, domains, and certificates would
be retained. For more information see [2].

Wenn Sie Ihr Konto löschen wollen, weil Sie keinen Zugriff mehr darauf 
haben, sollten Sie besser versuchen, wieder an Ihr Konto heran zu 
kommen. Wenn Sie Ihr Konto wiederherstellen, bleiben Ihre 
Assurance-Punkte, Erfahrungspunkte, Domains und Zertifikate erhalten. 
Sehen Sie [2] an für mögliche Wege.

The process for the deletion of an account is laid out in the precedent
arbitration case a20140713.1 [3].

Das Vorgehen beim Löschen eines Kontos ist im Arbitration-Präzedenzfall 
a20140713.1 [3] dargelegt.

[1] http://wiki.cacert.org/AssuranceHandbook2#CAcert_Assurer_Reliable_Statement
[2] http://wiki.cacert.org/FAQ/LostPasswordOrAccount
[3] http://wiki.cacert.org/Arbitrations/a20140713.1

-- 
Kind Regards
<SUPPORT TEAM MEMBER>
CAcert support

The deadline needs to be set to 21 days from the date of processing.

Before sending the initial mail to the claimant:

Step 2

The data for the anonymising string is taken from the next number at the bottom of the precedent case a20111128.3 following this structure a20111128.3.x where x is the next free number, see Audit Section of precedent case a20111128.3. To differentiate this case from the standard case a20111128.3, an 'A' is added after the date in the field "CCA termination date".

Depending on the latest expiry or revocation date of the certificates, there are two different steps to proceed.

a: No certificates used or the last certificate has expired or was revoked more then 3 months ago

Document the delete account issue by adding it to the table at the end of the Audit Section of precedent case a20111128.3 with:

SE anonymizes the account following the Delete Account Procedure using the anonymising string stated above.

As the CCA is terminated immediately with the execution of the "delete account" procedure, the user needs to be informed that the execution was successful. The CCA termination date is the date of the execution.

Hello <user>,

I executed your request to delete your account following the 
ruling of the precedent case a20140713.1 [1].

The account is now deleted and CCA [2] is terminated on <yyyy-mm-dd>.

[1] http://wiki.cacert.org/Arbitrations/a20140713.1
[2] http://www.cacert.org/policy/CAcertCommunityAgreement.php
    CAcert Community Agreement

-- 
Kind Regards
<SUPPORT TEAM MEMBER>
CAcert support

With German translation:

I executed your request to delete your account following the 
ruling of the precedent case a20140713.1 [1].

Ich habe Ihr Konto entsprechend der Entscheidung des Präzedenzfalls 
a20140713.1 [1] gelöscht.

The account is now deleted and CCA [2] is terminated on <yyyy-mm-dd>.

Das Konto wurde jetzt gelöscht und die Vereinbarung der 
CAcert-Gemeinschaft ist mit Wirkung vom ####-##-## beendet.

[1] http://wiki.cacert.org/Arbitrations/a20140713.1
[2] http://www.cacert.org/policy/CAcertCommunityAgreement.php
    CAcert Community Agreement

b: the last certificate has expired or was revoked less than 3 months ago

Inform the user that the delete account procedure is put on hold until a 3 month period after the last certificate has expired or was revoked.

Dear <user>,

your request to delete your account is on hold until <yyyy-mm-dd> due to 
the fact that there is a 3 month retention time to the latest certificate 
expiration or revocation date which is <yyyy-mm-dd>. This retention time 
is given by arbitration ruling [1].

Meanwhile I will lock your account so nobody except support is able to 
access your account. If you would change your mind in the meantime, 
it would be easy to unlock your account.

I will execute the account deletion when the waiting time is over, so 
you do not need to take any actions.

[1] http://wiki.cacert.org/Arbitrations/Training/Lesson20#CCATermCalc

-- 
Kind Regards
<SUPPORT TEAM MEMBER>
CAcert support

With German translation:

your request to delete your account is on hold until <yyyy-mm-dd> due 
to the fact that there is a 3 month retention time to the latest 
certificate expiration or revocation date which is <yyyy-mm-dd>. This 
retention time is given by arbitration ruling [1].

Ihre Anforderung, Ihr Konto zu löschen, ist zurückgestellt bis zum 
####-##-##, da nach dem Auslaufern oder Widerrufen des letzen 
Zertifikats eine Wartezeit von drei Monaten einzuhalten ist. Dieser 
Zeitpunkt ist der ####-##-##. Sie ist festgelegt in der Entscheidung 
von [1].

Meantime I will lock your account so nobody except support is able to 
access your account. If you would change your mind in the meantime, 
it would be easy to unlock your account.

Bis dahin sperre ich Ihr Konto, so dass niemand außer Support darauf 
zugreifen kann. Sollten Sie Ihre Meinung ändern, kann ich leicht Ihr 
Konto wieder freigeben.

I will execute the account deletion when the waiting time is over, so 
you do not need to take any actions.

Wenn die Wartezeit um ist, werde ich Ihr Konto löschen. Sie 
brauchen nichts weiter zu tun.

[1] http://wiki.cacert.org/Arbitrations/Training/Lesson20#CCATermCalc

After sending the mail to the user:

Lock the account for the retention time. (Needs to be clarified by arbitrations)

Once the retention date is reached, continue with "a:" with the execution date as CCA termination date.

Reference documents

[1] Precedent case a20140713.1 [1] Precedent case a20111128.3 [2] Delete Account Procedure [3] Delete my Account cases Init mailing


Support/Handbook/PrecedentCases/a20140713.1 (last edited 2014-09-28 19:02:56 by MarcusMängel)