Aside from reducing user accounts for your services, you might also be downgrading or canceling services you don’t need to keep your business alive. It drives me mad, but some services only provide security features for users on paid or higher-level service tiers. Service providers might not handle service cancellations with grace, which means copies of your data might be lingering around, which also leaves the security risk lingering around too. These changes can limit the amount of security protection your accounts and data has, and there are a few things to check before you hit “cancel service.”
For services you are downgrading, check what security and data protection features are included in the lower-tier plans. You can often find this information on the service provider’s pricing page, or you can search through their knowledge base or support documentation. If you can’t find this out after a quick search, ask the service provider.
To help you draft that email, you will want to ask if the following features are still available at lower or free service tiers:
Are the following features still available at lower or free service tiers: 2FA and the ability to export account data?
What happens to any excess data if we switch to a service tier that has lower data storage limits than what we currently have?
If the answers you find are not ideal, don’t be afraid to negotiate a new service arrangement. The other side of that support email is a human, and sometimes humans have empathy and the ability to make exceptions. This could be in the form of discounts, temporary details, or modified service plans. It is always worth asking before making arrangements to remove your data or shift to an alternative service that gives you the security features and pricing you need.
Managing Data when Canceling
For services you are canceling, check what happens to your data after you cancel. Often, services might leave this data in their databases until it gets archived years later. If this service has a data breach, your business could still feel the impact even if you aren’t an active paying customer. Thanks to new privacy legislation like GDPR, service providers have to have processes to delete personal data. This means it makes asking these requests a lot easier and more likely to be fulfilled.
In an ideal situation, you can export copies of your account data and then request all account data be deleted. Don’t assume that just because you canceled your services the service provider will delete your data. They might specifically wait for a request to delete it, or just leave it there to gather dust. In a less ideal situation, you might have to delete the account data yourself and then wait for a short period of time to pass (usually 30 to 90 days). This short period of time is often the amount of time your data will stick around in backups and might still be accessible. Regardless of which situation you have to go with, at the end of it, you can be confident that you have cleaned up any left behind data and can consider that service canceled.