Know When to Hold Em: Considerations for Preservation Across Data Sources, Part One

In our last post, we discussed ten recent cases that illustrate best practices for issuing legal holds and preservation of data where parties have succeeded or fallen short.

Preservation used to be straightforward. Legal and IT teams focused on email servers, file shares, and a defined set of custodians. Today, that world is gone. Organizational data now spans enterprise SaaS platforms, cloud collaboration tools, mobile devices, structured databases, and rapidly emerging generative AI systems. Each of these environments creates unique preservation challenges, and each demands a slightly different strategy to ensure defensibility. This post (and the next post) explores key preservation considerations across four major categories of modern data sources: mobile devices, enterprise platforms, structured data, and generative AI content.

Mobile Devices: High Value, High Risk, High Variability

Mobile devices have become primary business tools, not secondary ones. Text messages, messaging apps, mobile email, and app-based communications frequently contain important evidence. Yet mobile preservation remains one of the most challenging and failure-prone areas in discovery.

The first challenge is ownership and control. In Bring-Your-Own-Device (BYOD) environments, relevant business data may reside on personally owned phones. This creates legal, privacy, and technical complications. Organizations must balance preservation duties with employee privacy rights and local data protection laws.

The second challenge is ephemeral data. Many mobile communications tools support disappearing messages or short retention windows. Standard SMS, encrypted messaging apps, and collaboration tools may all include auto-delete features. Without prompt action once the duty to preserve begins, relevant communications can vanish quickly.

Defensible mobile preservation requires advance planning, not improvisation. That planning typically includes:

• Clear BYOD and acceptable use policies that address legal hold scenarios;
• Mobile device management (MDM) or enterprise mobility management tools where appropriate;
• Documented procedures for preserving mobile content when holds are issued; and
• Custodian instructions that specifically address mobile communications behavior.

Another important factor is the behavior of custodians. Mobile preservation often depends more heavily on user cooperation than server-side systems. Custodians must understand that deleting texts, switching devices, or resetting phones during a hold period can create legal risk and increase the potential for sanctions for the organization. Communication and training are therefore essential components of mobile preservation.

Enterprise Platforms: Preservation in Cloud and Collaboration Ecosystems

In today’s data ecosystem, enterprise systems serve as the primary workspace for most organizations. Users communicate on platforms such as Microsoft 365, Google Workspace, Slack, Zoom, and project management tools and these sources are where files are created and decisions are documented. Preservation in these systems is often required and can be complex.

One major shift in fulfilling the legal hold mandate is the move toward preservation in place. Rather than collecting and copying data immediately, organizations can apply legal holds directly within enterprise platforms. These retention practices prevent deletion while allowing normal business use to continue. This approach reduces disruption and cost, but only if configured correctly.

A key consideration is that enterprise data is often interconnected and versioned. A single document may live in SharePoint, be linked to Teams chats, edited collaboratively, and shared externally. Preserving only one instance may not capture the full history. Legal and IT teams must understand:

• Where the authoritative version resides;
• How version history is stored;
• Whether comments and metadata are preserved; and
• How linked documents behave under the retention scheme.

Retention and deletion policies are another risk area. Many organizations deploy automated lifecycle rules that delete or archive content after set periods. If legal holds are not properly integrated with these policies, relevant data may be lost despite good intentions. Preservation planning must therefore include a review of platform retention rules and confirmation that legal holds suspend deletion.

Finally, enterprise preservation should be tested, not assumed. Legal teams should periodically validate that legal hold retention practices are actually preventing deletion across email, chat, files, and shared workspaces and that archival systems are working properly. Defensibility depends on verification, not configuration alone.

Structured Data and Databases: Context Matters More Than Copies

Structured data sources – such as databases, ERP systems, CRM platforms, financial systems, and application backends – pose a different preservation challenge altogether. Unlike documents and emails, structured data is dynamic, relational, and constantly changing.

A common preservation mistake is assuming that exporting a report or spreadsheet snapshot is sufficient. In many cases, those snapshots are not sufficient to provide the information required to be preserved. Structured systems often rely on relationships between tables, fields, and records that are lost when data is flattened into a simple export. Without relational context, the data may be incomplete or misleading.

Preservation considerations for structured data should include:

• Understanding the database schema and relationships.
• Identifying the fields that may change over time.
• Determining whether audit logs or transaction histories exist.
• Capturing business logic that affects how data is interpreted.

Timing is also key. Because structured data updates continuously, preservation may require time-bound snapshots or recurring extracts. In some cases, preserving the system’s audit trail may be more important than preserving a static data dump.

Legal teams should work closely with database administrators and application owners to define preservation approaches that maintain interpretability. Documentation of how the data was stored and extracted is often as important as the data itself.

Structured data preservation is less about volume and more about meaning. Without proper context, preserved data may not be usable evidence.

Conclusion

Mobile devices, enterprise solutions (including M365, Google Suite and collaboration apps like Slack and MS Teams), and structured data systems to support CMS, ERP, and other important business functions can be critical data sources. It’s important to have a preservation plan for this evidence before the case ever begins – once the case has begun, you’re already behind.

In our next post, we’ll conclude our discussion of considerations for preservation across a variety of data sources with a discussion of the latest modern data source that organizations must address: generative AI content. Stay tuned!

For more regarding Cimplifi eDiscovery, litigation, and investigations capabilities, click here.