A server administrator receives a formal notification from the company's legal department about an active lawsuit. The notice specifies that all electronically stored information (ESI) related to a particular project, including emails and documents on a file server, must be preserved. The company has a standard retention policy that automatically deletes files older than 180 days. Which of the following is the MOST appropriate initial action for the administrator to take to comply with this legal requirement?
Notify the project team members about the lawsuit so they can avoid deleting relevant files.
Immediately export a copy of all project-related data to an external drive for the legal team.
Perform a one-time backup of the data and then allow the standard 180-day data purge to continue.
Apply a legal hold to the specified project data to suspend the standard retention policy.
The administrator should place the identified data under a legal (litigation) hold. A legal hold suspends normal retention and purge schedules so that potentially relevant information remains intact and unaltered, satisfying the duty to preserve evidence once litigation is reasonably anticipated or underway. Simply exporting a copy gathers data but does not stop future deletions or preserve system metadata. Performing a one-time backup while allowing the automated 180-day purge exposes the organization to spoliation claims. Notifying project team members is an important part of executing the hold, yet doing only that does not disable automated deletion or ensure comprehensive preservation, so it is not the MOST appropriate first step.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a legal hold and why is it important?
Open an interactive chat with Bash
What risks are associated with not applying a legal hold?