3.1.4. Data Lifecycle Management and Retention
First Principle: Data Lifecycle Management ensures that content is kept for as long as required (by law, regulation, or policy) and deleted when that period expires. Retention is the governance mechanism that makes compliance with data retention laws possible, and records management makes certain content immutable and non-deletable.
Organizations face two conflicting pressures: regulations require keeping certain records for years (financial transactions: 7 years; healthcare: often longer), but security best practice says don't keep data longer than you need it. Data Lifecycle Management resolves this by applying explicit retention rules.
Retention labels vs. retention policies:
| | Retention Label | Retention Policy |
|---|---|---|
| Applied by | Users manually, or auto-apply rules | Admins (applies to entire locations) |
| Granularity | Per-item (file, email) | Per-location (all Exchange email, all SharePoint) |
| Supports records | Yes: can mark content as a record | No |
| Flexible triggers | Yes: retain from event (e.g., employee termination) | No |
What "retain" means: During the retention period, content cannot be permanently deleted even if a user tries. SharePoint recycles deleted items but preserves them in the preservation hold library. Exchange retains deleted items in a hidden recoverable items folder.
What "records" means: Content marked as a record cannot be modified or deleted during the retention period; it's locked. Records management is used for legally required documents (contracts, compliance records).
⚠️ Exam Trap: A retention policy that says "retain for 5 years" doesn't prevent users from deleting content in their normal workflow; it just preserves it in the background so compliance teams can find it. Users see normal delete behavior; the preservation happens invisibly.
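The difference between the two mechanisms shows up directly in how each is configured. The following Security & Compliance PowerShell sketch is an added example, not part of the original guide; every policy, rule and label name in it is a hypothetical placeholder, and it assumes the ExchangeOnlineManagement module and a compliance administrator role.

```powershell
# Added example: all names below are hypothetical placeholders.
# Assumes the ExchangeOnlineManagement module is installed.
Connect-IPPSSession

# --- Retention POLICY: admin-applied, per-location, no record support ---
# Preserves content in the background for 5 years (1825 days).
# Users still see normal delete behavior in these locations.
New-RetentionCompliancePolicy -Name "Org-Retain-5y" `
    -ExchangeLocation All -SharePointLocation All
New-RetentionComplianceRule -Name "Org-Retain-5y-Rule" `
    -Policy "Org-Retain-5y" `
    -RetentionDuration 1825 `
    -RetentionComplianceAction Keep

# --- Retention LABEL: per-item, and can mark content as a record ---
# Retains for 7 years (2555 days) from creation; -IsRecordLabel locks
# labeled items against modification and deletion for that period.
New-ComplianceTag -Name "Financial-Record-7y" `
    -RetentionAction Keep `
    -RetentionDuration 2555 `
    -RetentionType CreationAgeInDays `
    -IsRecordLabel $true

# A label does nothing until it is published to locations where
# users (or auto-apply rules) can attach it to individual items.
New-RetentionCompliancePolicy -Name "Publish-Financial-Record-7y" `
    -SharePointLocation All
New-RetentionComplianceRule -Policy "Publish-Financial-Record-7y" `
    -PublishComplianceTag "Financial-Record-7y"

# Check: confirm the label is a record label with the intended duration.
Get-ComplianceTag -Identity "Financial-Record-7y" |
    Format-List Name, IsRecordLabel, RetentionAction, RetentionDuration
```

Only the label carries a record setting; the policy rule has a duration and an action but nothing that locks individual items.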
Reflection Question: A legal team needs to ensure that a specific contract document cannot be modified or deleted for 7 years, but other documents in the same library don't have this restriction. Should they use a retention policy or a retention label, and why?