In finance or medicine, it's often illegal[0] to delete customer information before the end of an expiration period (minimum several years).
There are ways to comply without soft-deletion, but in practice they are much more expensive to implement and never used.
0: "Illegal" is the wrong word, really "non-compliant with regulations, resulting in significant fines but except in case of gross negligence or fraud, probably not criminal charges".
> In finance or medicine, it's often illegal[0] to delete customer information before the end of an expiration period (minimum several years).
There are also laws that require you to delete customer information. For instance patient data in situations where consent is withdrawn. So either way you can’t rely on “it’s often”. And on the flip side of things the legal requirements you are referring to are typically the audit requirements, which are still better served using audit tables, since it’s not enough to have a “current data” and “data that is currently not active”, since you need logs of who changed the data when, and you can easily run into situations where something is soft deleted, then restored, then soft deleted again.
This is true, and in practice the solution frequently ends up being a combination of soft deletion and audit logs.
Just pointing out that in some common cases, the goals of consumer data control are impossible to implement, due to conflicting requirements for record retention.
In finance or medicine, it's often illegal[0] to delete customer information before the end of an expiration period (minimum several years).
There are ways to comply without soft-deletion, but in practice they are much more expensive to implement and never used.
0: "Illegal" is the wrong word, really "non-compliant with regulations, resulting in significant fines but except in case of gross negligence or fraud, probably not criminal charges".