> Law Enforcement Agencies would expect you to be able to pull data from them as well.
A previous lifetime of mine was ensuring that when we legally were able to delete things we _really deleted them_ from _all the places they ended up including backups_ to ensure our response to subpoenas, LEOs, regulatory bodies and other busybodies was 'Unfortunately information about that customer was deleted on <date> under <legal authority>. We have no data to provide you'.
> I think unless you're operating a very privacy focused business where such privacy is the selling point - there is no harm in complying.
Disagree completely - giving access to data to LEOs (or others) that you have no ongoing business use for only has downsides and has zero upsides.
I have made several submissions to judges stating the date and for what reason we destroyed records and every time the answer has been ‘well, you were legally entitled to’ and the cases were dismissed early on.
It is especially difficult in modern times to enact, but my personal view is shred fast and shred often with everything.
A previous lifetime of mine was ensuring that when we legally were able to delete things we _really deleted them_ from _all the places they ended up including backups_ to ensure our response to subpoenas, LEOs, regulatory bodies and other busybodies was 'Unfortunately information about that customer was deleted on <date> under <legal authority>. We have no data to provide you'.