Data Retention

Now let’s talk about data retention as this is the most valuable proposition of Google Vault.

You can retain your (covered products) data in vault indefinitely OR for a given number of days (e.g 365 days) as per your needs.

You can create two types of retention rules in Google Vault-:

1. Default Retention Rule
2. Custom Retention Rule

Default Retention Rule

• This is a global or tenant level data retention rule, so for example if you want to retain all the data indefinitely, you can create a default retention rule to keep data indefinitely.
  
  
• As this is a tenant level rule, you can not go granular while creating default retention rule (e.g you can not apply it on a given Organizational Unit), this rule gets applied on all of your users.
  
  
• Based on its global or tenant based nature, only one default rule can be created.
  
  
• Usually, you should have the default retention rule of indefinite unless there is a real requirement (e.g industry compliance) to purge data after a certain period.

Custom Retention Rule

• Unlike default rule, custom rule provides flexibility to go granular so you can create rules based on-:
  
  
• Product (e.g Gmail or Google Drive)
  
  
• Organization Unit (e.g Americas)
  
  
• Conditions & Search Criteria (e.g Date range, To/From, Gmail labels etc)
  
  
• You can create multiple custom retention rules based on your needs, In the scenarios section below, I will discuss impact where multiple rules are applied to the same scope.

Very Important -: Custom Retention Rules take precedence over Default Retention Rules.

Scenario 1-: Default vs Custom Rule

let’s take an example here, let’s say you have created two rules and applied it on all users-:

(i) Rule 1 – Default Retention Rule – to retain data indefinitely.

(ii) Rule 2 – Custom Retention Rule – to retain data for 365 days.

Result -: Your data will be deleted after 365 days based on custom retention rule as it will override default retention rule.

Scenario 2 -: Custom Vs Default Rule

(i) Rule 1 – Default Retention Rule – to retain data for 365 days.

(ii) Rule 2 – Custom Retention Rule – to retain data indefinitely.

Result -: Your data will be kept indefinitely (indefinitely = your lifetime as Google Workspace customer) based on custom retention rule as it will override default retention rule.

Scenario 3 -: Custom vs Custom Rule

(i) Rule 1 – Custom Retention Rule – to retain data for 365 days.

(ii) Rule 2 – Custom Retention Rule – to retain data indefinitely.

Result -: Your data will be kept indefinitely because whenever there is a conflict of custom rules, one with the longer retention duration wins.

Though the retention rules are adjustable (e.g you can change them later as required), however a wrongly created rule will start deleting data, so please be careful while creating them or better create them either in your sandbox tenant (if you have one) or apply it only to your test organization unit which has a few test users.

Also, Google Vault is not setup out of the box when you get it (either stand alone or as part of your Google Workspace license), you need to explicitly configure your retention rules to set it up.

‍

Data Deletion in Google Vault

Before talking about data deletion from Google Vault, let us understand clearly “Data is not deleted from Vault based on user actions, it is only deleted based on your default or custom retention rules”

Let us understand how does retention rule impacts your company email data, I mean obviously email data will be deleted once your retention period expires, but there are a couple of watch points here)-:

• After the emails are deleted due to retention period expiration, they are still available for Vault Admins for additional 30 days* where they can search, put them on hold or export that data, but once that 30 days limit is passed, there is no way to retrieve that data.
  
  
• Now above I said “30 Days”, but there are a couple of watch points  point here too-:
  
  
• If the user permanently deletes emails from his mailbox (trash it and then empties trash) more than 30 days before the retention period expires, then the messages will be deleted straight away from Vault on expiration date, no additional 30 days are provided.
  
  
• If the user permanently deletes emails from his mailbox (trash it and then empties trash) less than 30 days before the retention period expires, then Vault admin would see those messages till retention rule expiration date + whatever days are left between (i) 30 Days and (ii) How many days early did the user deletes the message
  
  

Confusing……????

It surely is……..

so let us take a couple of examples to clarify it further.

Base Cases for our example scenario -:

We have a custom retention rule of 180 days

User receives an email an 01-Jan-2019

Scenario 1-:

• User deletes an email on 01-Jan-2019 itself.
  
  
• Result – As have a 180 days retention policy, this email will be available in Vault till 29-June-2019 to complete retention period, and data deletion will start on 181st day which is 30-June-2019.

Scenario 2-:

• User deletes an email on 20-June-2019 (which is 170th day of email received date, 10 days before our retention expires)
  
  
• Result – Vault should have this email till 29-June-2019 to complete our 180 days retention + it will also add 20 days (30 additional granted days – 10 days because user deleted it permanently from his mailbox 10 days before retention policy expiration which counts against 30 days grant). So email data deletion in this case will start on 19-July-2019.