A Match.com glitch reactivated a bunch of old profiles, raising concerns about user data

"There probably are good reasons to keep deleted profiles for some period of time — for example, to prevent or detect repeat users or fake users, etc,” Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, wrote in an email. “But that doesn’t mean forever.”"

"Although there is no federal data destruction law in the US, 32 states — including Texas, where Match Group is headquartered — have data disposal laws that require “entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable.” In addition to that, 13 states, also including Texas, have laws that require private companies to maintain reasonable cybersecurity practices. If that sounds vague, that’s because it is. “A lot of this is still, I don’t want to call it amorphous, but it’s still being defined, frankly,” explains Scott Shackelford, an associate professor and Cybersecurity Program chair at Indiana University-Bloomington. “What ‘reasonable’ is, is a moving target.”"