This morning’s paper features a big story by yours truly on the issue of privacy on Facebook.

Specifically, it talks about Montrealer Steven Mansour, who last summer found out that in order to delete his Facebook account he would have to first delete every wall post, comment, photo, note, everything he had ever done since he first registered his account. One at a time. It took him 2,504 steps. He’s not crazy about having to go through all that effort.

The same issue annoyed UK blogger Alan Burlison and others, but Facebook wouldn’t budge until the New York Times took it up last month. That led to the company proclaiming it would be easier, without making clear exactly what it was changing about the process.

Currently, on Facebook, you can “deactivate” accounts, which makes them inaccessible (though reports of fragments being left behind are common). But deleting them completely requires an outside-the-box email exchange with Facebook staff.

Not unexpectedly, Facebook didn’t respond to my request for a clarification about their policy.

Neither did Canada’s Privacy Commissioner’s Office, when I asked whether it had received a complaint from Mansour and/or were investigating Facebook. The office’s PR contact got back to me finally, and says he’s looking into whether there are any investigations concerning Facebook.

Mansour has a roundup on his blog of reaction to his story and other Facebook privacy issues. Only some involve conspiracy theories about links to the CIA and stuff.

The article also touches on TRUSTe, an organization that counts Facebook as a member and seems to do nothing to rein them in; Facebook’s draconian terms of use; and what Mansour thinks needs to be done to safeguard privacy rights online.