Retention policy deals with defining and managing retention periods for the archived data. Retention management allows an administrator to retain data in the archive, only for the required duration. Retention periods must be managed to ensure that data is stored in the archive only as long as it is necessary for the organization. Retention management also ensures that data is not removed prematurely by accident before the retention period expires.

Retention Policy Storage Types

The storage types apply to both tier 1 and tier 2 policies.

Enterprise Archive is a compliance archive and one of the core requirements of a compliance archive is to ensure immutability of the archived data. Enterprise Archive accomplishes this by using an SEC 17a-4 WORM or Write Once Read Many compliant storage layer built on top of the Object Store. To serve the broader archiving market, Enterprise Archive must also enable an operational type storage tier or non-WORM. This ensures that organizations can archive data of non-regulated employees for long term retention and allow reduction of the retention period that is not supported by WORM only repositories.

The Retention policy storage types that are supported by Enterprise Archive are:

Compliance (WORM) – Selecting this option enables the user to set the target storage type to be SEC 17a-4 compliant to ensure immutability. This option allows users to only extend the retention period when required.
Operational (Non-WORM) – Selecting this option enables the user to set the target storage type as operational, which allows extension as well as reduction to the retention period when required.

Retention Policy and Hold

Any document or artifact that is on hold cannot be deleted till the hold is removed. A hold overrides the retention policy.

Use Cases related to Retention Policy

The table below explains some use cases related to retention policies:

Use Case	Scenario	Explanation
Global or Enterprise Wide Retention	As an Administrator, I want to keep the company’s retention and disposition management simple and yet compliant under existing guidelines.	A company’s retention policy can be a simple default retention period for certain number of months on all archived data, irrespective of the source, type of data, creator or owner(s) of the data. In this case it should be possible for an administrator to configure a company-wide default retention policy with the longest retention period required under existing compliance guidelines and immediate delete the data once the retention period expires.
Specific Group(s) Require Extended Retention	As an Administrator, I am required to keep company-wide data of all employees for 2 years, C-Level staff data for 10 years and the CFO’s data indefinitely.	A company’s retention policy must be a based on job functions or roles. Senior staff and executives will generally have a longer retention period than the rest of the employees.
Specific Employee(s) Require Extended Retention	As an Administrator, I am required by compliance to retain all company-wide data for 5 years, but Mary’s for data for 7 years.	An extended retention policy can be required for a specific employee(s) because of their participation in a project that is likely to be investigated for fraud.
Specific Employee(s) require Extended Retention for all previously archived data and all new data likely to be created	As an Administrator, I have been asked by compliance to retain all of Peter’s data archived till date and all of Peter’s data moving forward for the next 3 years in anticipation of an impending hold.	A retention policy can be required for a specific employee(s) in anticipation of a lawsuit or an impending hold. This policy may require the retention period on previously archived data of specific employee(s) to be extended, as well as all new data created by these employee(s) to be retained for the specified period.
Specific Group(s) require Extended Retention for all previously archived data and all new data likely to be created	As an Administrator, I have been asked by compliance to retain all data belonging to the “Marketing” and “Wealth Management” groups archived till date and all of their data moving forward for the next 3 years in anticipation of an impending hold.	A retention policy can be required for a specific group(s) in anticipation of a lawsuit, or an impending hold. This policy may require the retention period on previously archived data of specific groups to be extended, as well as all new data created by these groups to be retained for the specified period.
Item Level Retention	As an Administrator, I have been asked by compliance to retain all documents related to a company merger for the next 5 years.	A retention policy can be required for specific documents or archived items related to a specific event such as, a merger or acquisition in anticipation of a lawsuit, or an impending hold. This policy may require the retention periods to be extended on already archived items as well as applied to all new items created that are related to the event.

Document Retention Policy Behavior

The retention policy rule in Enterprise Archive is now updated based on the sent_time of the last or latest interaction in a document with the same GCID. That is, if a document has multiple interactions, the “document expiry” is calculated based on the sent_time of the last interaction.

For example, the retention policy for a document is three months. The sent_time of the first interaction for this document 2021-01-15. Therefore, the retention period is set to 2021-04-15 (3 months from 2021-01-15). When another interaction is added to the same document with sent_time 2021-03-10, the retention period for the first interaction will be updated to 2021-06-10 (3 months from 2021-03-10).

Refer the following topics for more information on retention policies for tier-1 and tier-2 data: