The life of an edu-ID account

Lifelong learning benefits from lifelong user accounts. SWITCH edu-ID accounts are such lifelong user accounts. However, lifelong sometimes does not mean forever, which may be a surprise in this context. Why is that so?
Due to data privacy laws a life long account is – like a lifelong prison sentence – not for all eternity. At some point an account is deleted or archived even though its owner is still alive and well.

The edu-ID Service Description describes in the chapter “4.6 Automatic archiving and deprovisioning of SWITCH edu-ID accounts”. That accounts are deactivated after 5 years of inactivity and that accounts are deleted after 10 years of inactivity.

This process is illustrated below in greater detail:

  • Active Accounts: Are used by their owners when logging in to services or My edu-ID. Each login sets the last login date to the current time when the login happened.
    When the last login was a 1-3 years ago, a yearly inactivity reminder e-mail is sent to the user’s contact e-mail address. This message is to let the user know about his edu-ID account and ask the user to review the accounts data.
    After 4 years of inactivity the reminder e-mail also makes the user aware that the account will be deactivated after 5 years of inactivity.
  • Deactivated Accounts: When an account is deactivated, it still exists with all its user data but the user cannot log in anymore unless the edu-ID support reactivates the account on request of the user.
    The edu-ID support team also can deactivate edu-ID accounts temporarily or permanently for security reasons or because accounts are obviously not respecting the edu-ID Terms of Use.
  • Archived Accounts: Accounts that have been deactivated for 5 years are automatically deleted. The deletion is an archival of an account where all personal data is stripped from the account. Only the edu-ID generated identifiers and some metadata remain but e.g. not name and not e-Mail addresses. The identifiers are needed to ensure that they are not reassigned to another edu-ID account. The metadata does not contain personal data and helps to understand in retrospect why an account was deleted.

Related to the topic of account deactivation and deletion is the topic of deleting e-mail addresses. E-mail addresses are important for authentication and for contacting a user. Therefore, edu-ID ensures that e-Mailadresses are up-to-date and non-working e-mail addresses are removed automatically. How this works is described in the article e-Mail Address Spring Cleaning.

If an account has no working e-mail addresses anymore, it still can be active even though no login is possible anymore. However, not being able to log in because there exists no working e-mail address anymore, eventually also results in the deactivation of an edu-ID account after 5 years of inactivity.

Author: Lukas Hämmerle

I'm a member of the SWITCHaai team and the SWITCH edu-ID team.

Leave a Reply

%d bloggers like this: