Is there a difference between data retention and data preservation? The terms retention and preservation are often treated as synonyms in day-to-day language but they aren’t the same thing.
Retention refers to the storing of data to meet regulatory and recordkeeping obligations, while preservation is related to the safekeeping of electronically stored information (ESI) for some anticipated legal matter. In other words, data retention is a proactive ongoing process. Preservation is more reactive—once litigation seems reasonably likely, an obligation to preserve relevant ESI arises.
With that basic definition out of the way, let’s dive deeper into the two terms.
Data retention is a central component of records management and information governance. Many industries have very explicit recordkeeping rules. Financial services, for instance, must keep records of all communications in order to meet SEC and FINRA recordkeeping requirements. Government organizations must similarly retain data in order to comply with the Freedom of Information Act (FOIA) and state-specific Open Records laws.
Retention periods differ by industry but typically ranges anywhere from three to 10 years. Once data falls outside the retention period, companies often choose to dispose of it. Why do they do this? First, hanging onto all this information in an age when massive amounts of new data are constantly being created can quickly become expensive and overwhelming. Second, once data is no longer needed to meet regulatory requirements, it can become little more than a liability. For example, retaining sensitive customer data can invite security and privacy risks, so if the information is no longer needed, it’s better to delete it.
To manage the retention process, companies apply internal plans and policies that explain exactly how—and for how long—data should be stored across the organization. They also implement systems that automatically disposes of data according to a set retention schedule.
While data retention exists within the realms of compliance and information governance, data preservation is closely related to eDiscovery and litigation readiness. Simply put, if it is reasonable to assume that litigation will take place, legal teams are obligated to collect and preserve relevant data.
Of course, knowing what is “relevant” is a complex question without a neat and simple answer. Every individual case requires legal teams to confer with clients to identify ESI that could be relevant to the case at hand. In most instances, multiple stakeholders across an organization would need to get involved, including in-house legal teams, compliance personnel, records managers, IT personnel, HR managers, etc.
Knowing when exactly a duty to preserve kicks in is another thorny issue. The Federal Rules of Civil Litigation (FRCP), 37(e) broadly states that ESI must be preserved when litigation can reasonably be anticipated. What is “reasonable” in this context? Generally speaking, it would include any event that tends to result in litigation. This includes, but is not limited to:
Interestingly, the issues of exactly what and when to preserve ESI was central to the early-2000s case of Zubulake v. UBS Warburg, which played a major role in creating the eDiscovery industry as we know it today.
For a great in-depth look at the case and the impact it had on the legal landscape, it is worth reading the ABA Journal’s Looking back on Zubulake, 10 years later, but a brief summary of the subsequent rule is provided below.
As the LexisNexis case brief related to Zubulake v. UBS Warburg states: “The scope of a party's evidence preservation obligation can be described as follows: once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a litigation hold to ensure the preservation of relevant documents.”
This ruling perfectly illustrates not only that data retention and data preservation are two very different concepts, but it also shows that the two activities can sometimes be in conflict.
As mentioned earlier, most organizations have retention policies in place that dictate how long ESI is retained under normal circumstances. And once data falls outside this retention period, it is permanently deleted—often automatically. So if legal teams do not act quickly to preserve this data, it can be deleted as part of regular retention scheduling—and (intentional or not) leave the organization in the awkward position of having destroyed evidence.
For this reason, legal teams should ensure that a reliable solution is put in place that allows them to quickly and easily place crucial ESI on legal hold, thereby overriding normal retention scheduling. For example, have a look at Pagefreezer’s Retention Scheduling and Legal Hold solutions aimed at website, social media, and enterprise collaboration content.
Looking for more information? Pagefreezer has created an information governance model that specifically addresses data from online sources such as websites, social media accounts, and enterprise collaboration platforms. In our white paper, we share exactly how online data should be created, retained, managed, and disposed of.