As part of a periodic purge of unused online accounts, I deleted my account from a company ten months ago. Let’s call that company Contoso. I received a confirmation that said, “Your personal information and items associated with your account have now been deleted. This action is permanent and cannot be reversed.”
Yesterday, I got an email from Contoso informing me that they have updated their Privacy Policy.
So I guess their “confirmation” of “permanent” and “irreversible” deletion of my personal information was premature, seeing as they still have my email address.
I wonder if this is covered in their privacy policy. I would guess not.
I would bet they pump email addresses over to a marketing platform and when they deleted your records they only removed / destroyed their own data.
Do you keep a list of all your online accounts? That’s a good idea.
In many cases, email lists may be generated days before the actual contents go out.
Additionally, often the source for things like mass notifications can be separate analytical databases, that may not be updated in real time.
There’s generally a very practical real-world reason for the notification that sometimes accompanies data deletion or unsubscribe attempts…
I would understand if the email was within a month of deletion, but this was ten months later. If a database update takes more than 10 months to propagate, I think something is wrong with your database design.
Same thing happened to me recently with a company, let’s call it “Cumulus Flicker”. I wonder if this is the same.