> 1. I want _nothing_ to do with user data. Nothing. Toxic nuclear waste. The idea of keeping the waste on hand needs strong justification.
Additionally, with regulations like CCPA in some jurisdictions, this isn't even optional anymore. At some point you will need to hard delete user data.
I can forget that you were my customer, but I can’t forget that there was a customer. That quickly turns into tax evasion, for one thing.
Much of the user information we acquire is the result of greed, nosiness, or laziness. If deleting users is difficult for you, that’s an architectural problem that has next to nothing to do with my comment.
The world is absolutely full of rules that have exactly one exception. If they have two we apply the Rule of Three and either fix it or change it back to two. I have absolutely no qualms about treating user data as the exception here.
If you’re Amazon, you don’t even need much of the PII until checkout time. Collecting or looking that data up early is a security risk. Checkouts are going to be orders of magnitude fewer operations than your browsing traffic. When the order of magnitude changes, the solutions often change. And lastly, checkouts are when you make money. Expensive operations, like inserting into a table with fragmentation problems, are much easier to justify when they are attached to revenue events.
An ad campaign that falls flat can bankrupt you. A fire or earthquake can bankrupt you. A fancy and unusable site relaunch can bankrupt you. Spending a little money at the point of sale cannot.