Know When to Hold Em: Defensible Deletion vs. Over-Preservation
April 13, 2026
In our last post, we discussed preservation considerations for the latest modern data source that organisations must address – generative AI content – as well as five cross-cutting best practices for multi-source preservation.
In eDiscovery and information governance, few tensions are as persistent – or as misunderstood – as the balance between preservation and deletion. On one hand, organisations are obligated to preserve relevant electronically stored information (ESI) when litigation is reasonably anticipated. On the other, they are expected to manage data responsibly, which includes disposing of information that no longer has business, legal, or regulatory value.
Striking the right balance is critical. Too little preservation risks spoliation, while over-preservation creates significant legal, operational, and financial risks. In this post, we’ll discuss retention policies, defensible deletion, and the risks of a “save everything” approach to preservation.
The Importance of Retention Policies
Retention policies are the foundation of any mature information governance program. They define how long different categories of data should be kept based on legal, regulatory, operational, and business needs. These policies are designed to ensure that organisations retain what they need – and only what they need – for an appropriate time.
A well-crafted retention policy accounts for:
- Legal and regulatory requirements (e.g., financial records, employment data, healthcare information)
- Business value and operational use
- Risk exposure associated with retaining certain types of data
- System capabilities and storage constraints
When consistently applied, retention policies help organisations reduce data volumes, control costs, and minimise risk. They also establish a baseline for defensible deletion: the routine, good-faith disposal of data in accordance with established policies.
Courts have repeatedly recognised that organisations are not required to retain all data indefinitely. In fact, routine deletion pursuant to a reasonable policy is generally viewed as a sign of good governance, not misconduct – provided, of course, that deletion stops when preservation obligations arise.
What “Defensible Deletion” Means and Why It Matters
Defensible deletion refers to the systematic disposal of data in accordance with established retention policies, carried out consistently and in good faith. It is “defensible” because the organisation can demonstrate that deletion was not targeted or opportunistic, but rather part of a routine, policy-driven process.
This concept is critical in modern data environments, where volumes are growing exponentially. Without a defensible deletion approach, organisations accumulate vast amounts of redundant, outdated, and trivial (ROT) data. Retained too long, that data becomes discoverable, reviewable, and potentially damaging. It’s estimated that up to 75% of over-retained records contain sensitive or personal data – exposing companies to unnecessary compliance, security, and cost risks.
Defensible deletion offers several benefits:
- Reduced Discovery Costs: Less data means less to collect, process, review, and produce.
- Lower Risk Exposure: Old or irrelevant data may contain information that is harmful (such as over-retained personal data that is exposed in a data breach) or misleading, and that would not otherwise surface.
- Improved System Performance: Leaner data environments are easier to manage and secure.
- Stronger Defensibility: Consistent policies demonstrate that data management is intentional and controlled.
The key, however, is consistency. Deletion must be applied uniformly across the organisation, without regard to specific litigation or investigations, unless and until a legal hold is in place.
The Risks of a “Save Everything” Approach
Despite the benefits of a defensible deletion approach, many organisations fall into the trap of over-preservation. This often stems from a fear of sanctions or a misunderstanding of preservation obligations. The logic is simple: if nothing is deleted, nothing can be lost. But this approach creates its own set of problems.
- It’s expensive. Over-preservation dramatically increases costs. Every additional gigabyte of data must be stored, secured, processed, and potentially reviewed. In large matters, this can translate into millions of dollars in unnecessary spend for your organisation.
- It expands legal risk. The more data an organisation retains, the more data it may have to produce. That could include irrelevant or harmful information that would have been defensibly deleted under a proper retention policy. Over-preservation can expose organisations to claims or issues that would never have arisen otherwise.
- It complicates legal hold management. When organisations retain everything, it becomes harder to distinguish between what is subject to a hold and what is not. Legal teams may struggle to scope preservation efforts effectively, leading to confusion, inefficiency, and increased risk of error.
- It undermines information governance maturity. Over-preservation signals a lack of confidence in policies and processes, replacing structured decision-making with fear-based data hoarding.
The Intersection of Retention Policies and Legal Holds
The relationship between retention policies and legal holds is where many organisations encounter difficulty. But these two concepts are not in conflict – when managed properly, they can be complementary.
Retention policies govern routine data lifecycle management. Legal holds are exceptions to those policies, triggered by specific legal events. When a legal hold is issued, relevant data must be preserved – even if it would otherwise be deleted under the retention schedule.
The challenge lies in execution. Organisations must be able to:
- Identify which data is subject to a hold
- Suspend deletion for that data only
- Continue routine deletion for all other data
Just as information governance requires coordination between legal, IT, and records management teams (among other stakeholders), suspending those IG programs requires coordination among those same stakeholder groups. Additionally, modern technology platforms that can apply holds at a granular level now frequently support “preservation in place”, allowing organisations to freeze relevant data without disrupting broader retention policies.
Problems arise when this coordination breaks down. If deletion is not properly suspended, relevant data may be lost. If deletion is suspended too broadly, over-preservation takes hold. The goal is precision: preserving what matters, and only what matters.
Building a Balanced, Defensible Approach
Achieving the right balance between preservation and deletion requires more than policies – it requires operational discipline and cultural alignment. Organisations should focus on several key areas:
- Policy Clarity and Coverage: Retention schedules should be clearly defined, regularly updated, and aligned with current data sources, including cloud platforms and collaboration tools.
- Technology Enablement: Systems should support automated retention and deletion, as well as the ability to apply and manage legal holds effectively across environments.
- Cross-Functional Collaboration: Legal, IT, compliance, and business stakeholders must work together to ensure policies are understood and implemented consistently.
- Training and Communication: Employees should understand both retention expectations and legal hold obligations, including how the two interact.
- Documentation and Auditability: Organisations must be able to demonstrate how policies are applied, when holds are issued, and how deletion is managed in the presence of preservation obligations.
When these elements are in place, organisations can move away from fear-based over-preservation and toward a more strategic, defensible approach.
Conclusion
If any post in our legal hold series relates to Kenny Rogers’ famous song The Gambler, it’s this one: you’ve got to know when to hold ’em and know when to fold ’em (or at least delete ’em). Defensible deletion isn’t a risk: it’s a best practice. Over-preservation creates unnecessary cost, complexity, and exposure. By aligning retention policies with legal hold processes and embracing a disciplined approach to data lifecycle management, organisations can meet their legal obligations while maintaining control over their information environment.
In our next post, we’ll discuss differences in legal hold obligations between regulatory investigations and civil litigation. Stay tuned!