Safeguard sensitive data to address legal obligations using Lucid’s Enterprise Shield add-on. This guide will give examples of implementing a custom retention policy and establishing legal holds.
3 minute read
Document retention
Lucid’s Enterprise Shield lets you set a custom document retention policy to manage your account’s data more effectively. You can choose to delete documents in the trash or all documents on the account (including the trash) automatically, based on their last modified or created date.
For steps on how to configure a new retention policy, see our document retention policy article.
As an example, admins may choose to auto-delete documents in the trash that have not been modified in three years to prevent data hoarding. This could be a practical policy for many, since users typically don’t expect to keep items that have been moved to the trash.
Some industries have strict data retention requirements that prohibit early deletion. In such cases, we strongly recommend you pay special attention to the trash setting, as that will either allow or disallow users on your account to delete documents and folders permanently.
If your goal is to preserve data for a required period before allowing it to be deleted, consider this example retention policy. First, disable the trash setting to prevent users from permanently deleting documents and folders. This ensures that content is retained for the full required duration, as now the only way a document can be permanently deleted is through your retention policy. Then, configure a retention policy to automatically delete documents in the trash that are older than three years, or whatever period your specific regulation requires.
Legal hold API
Lucid’s legal hold API allows you to safeguard essential documents by applying and removing holds on specific users and/or keywords relevant to litigation. This ensures crucial data is preserved precisely when you need it. With Lucid’s legal hold feature, documents are protected from deletion and preserved until the hold is released.
Admins can establish a legal hold using the API, configuring several key options:
- Name the hold.
- Add an optional description.
- Define start and end dates for the hold (with the flexibility to manually release it early if needed).
- Specify impacted users, known as “custodians.” All documents they own or have shared access to will be included by default.
- Refine the hold’s scope with a keyword search. This ensures only documents accessible to a custodian and containing a particular keyword are preserved.
Admins are able to set a legal hold on both custodians and/or keywords.
If the legal hold only has custodians, all documents that the custodian has access to will be added to the legal hold.
If the legal hold only has keywords, docs get added to the legal hold if they have a keyword.
If the legal hold has custodians and keywords:
- Docs only get added to the legal hold if a custodian has access and the doc has a keyword.
- Docs that are not accessible by a custodian do not get added to the legal hold, even if they have a keyword.
Any account documents that a user can access when a hold is in place are automatically included in the legal hold. Accounts with active legal holds are secure and cannot be deleted from the Lucid platform. If a user on legal hold transfers their account, their held documents seamlessly move to the account’s designated default document owner, remaining under the hold. Crucially, users cannot transfer documents under legal hold to other users outside the Enterprise account. This system preserves documents owned by the account itself, not external documents shared with a user under legal hold.
Review our developer documentation to explore how to access documents under a legal hold.
It’s important to know that Lucid does not send automated notifications to users placed on legal hold. Your legal and administrative teams manage this. If a user tries to delete a held document, they’ll receive a discreet message indicating admin-level prevention. Upon the hold’s expiration, documents are released and can then be permanently deleted.
Note: These guides are here to help you get the most out of Enterprise Shield, but are not intended to address all scenarios or compliance requirements. You’re in the best position to decide how to configure your settings to ensure they meet your specific security and privacy needs.