Understanding the Difference Between Data Retention and Data Preservation

Data retention and data preservation are often conflated but serve distinct purposes in managing electronically stored information (ESI). Data retention is the storing of data for recordkeeping and regulatory compliance, while data preservation is preserving ESI for an anticipated legal matter. A blog post on the Pagefreezer website further highlights the difference between data retention and data preservation.

Data retention is a proactive, ongoing process, central to records management and information governance. Industries have specific retention requirements; for instance, financial services must retain communications per Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) rules, whereas government entities adhere to the Freedom of Information Act (FOIA).

Retention periods vary but typically span three to 10 years. Data is usually disposed of once it exceeds its retention period to mitigate storage costs and security risks. Retention is managed by implementing policies and systems that schedule automatic data disposal.

Data preservation, on the other hand, is a reactive process related to e-Discovery and litigation preparedness. Data preservation involves identifying ESI that could be pertinent to a case, which requires collaboration among legal teams, compliance personnel, and other stakeholders. The obligation to preserve data arises when litigation can be reasonably foreseen, for example, through direct communications from opposing counsel or subpoenas. The Federal Rules of Civil Procedure (FRCP), specifically Rule 37(e), stipulates the preservation of ESI under such circumstances.

A significant case underscoring the importance of data preservation is Zubulake v. UBS Warburg. This case highlighted the need for organizations to suspend routine data destruction once litigation is anticipated and to implement a legal hold to ensure relevant ESI is preserved. Failure to promptly preserve data can result in its deletion under routine retention policies, potentially leading to the destruction of crucial evidence.

Therefore, while data retention and preservation both deal with data management, they serve different functions and sometimes conflict. Organizations need reliable solutions to swiftly implement legal holds, overriding regular retention schedules.