# eDiscovery and Data Retention

One-sentence definition: Processes for identifying, preserving, collecting, reviewing, and producing electronically stored information (ESI) under legal obligations.

## Key Facts

- Legal holds suspend normal deletion; notify custodians.
- Retention schedules by data type, law, and business need.
- Searchability, indexing, metadata preservation essential.
- Coordinate with privacy and cross-border transfer rules.
- Chain of custody and review workflows (privileged vs responsive).
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose steps to satisfy a legal hold while minimizing risk.

**Mnemonic:** “**IPCRP**” → Identify, Preserve, Collect, Review, Produce.

## Mini Scenario

Q: Auto-purge runs during legal hold—risk?

A: Spoliation; halt deletion and document actions.

## Revision Checklist

- Define legal hold.
- Name two retention drivers.
- List two metadata items to preserve.

## Related

[[Evidence and Chain of Custody]] · [[Privacy Principles and Data Protection]] · [[Compliance and Regulatory Concepts]] · [[Contracts, SLAs, OLAs, MOUs]] · [[Security Governance]] · [[Domain 1 - Index]]