A company has initiated a legal hold due to pending litigation. A security administrator identifies a set of server logs they believe are unrelated to the case. According to e-discovery best practices, what is the proper action for the administrator to take with these logs?
The logs should be moved to a separate archive so they are not included in the initial e-discovery collection.
The logs can be deleted after the administrator documents their assessment that the data is irrelevant.
The logs must be preserved, as the scope of the legal hold is broad and the final determination of relevance is a legal decision.
The logs can be disposed of according to the company's standard data retention policy.
When an organization is under a legal hold, the duty to preserve evidence is broad. All data that is potentially relevant to the case must be preserved. Unilaterally deciding that data is irrelevant and deleting it can be considered spoliation of evidence, which can result in severe legal penalties. The standard data retention policy is suspended by the legal hold for all data that falls within its scope. The final determination of what is relevant is a legal process, not a decision to be made by an individual administrator.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.