We've talked a bit about data destruction [1]. Obviously if you are going to delete data, you had better delete it with compliant methods. But the decision to delete is getting a bit more cloudy. Sarbanes-Oxley, HIPAA and other laws were fairly clear on the types of data to be stored. The compliance wildcard is the recent set of changes to the Federal Rules For Civil Procedure. That has raised the bar significantly by basically requiring storage of data that may be required in a future court proceeding. So some would argue that the safest approach is to err on the side of saving. That raises the issue of how. This requires some thought. It always makes sense to automate but that might require some customer software or at least some reprogramming. There are all sorts of hard drive options. Physical storage is also an issue. You certainly don't want drives laying around the basement floor.

For more:
- here's an article [2] from ComputerWeekly