Skip to main content

Legal Holds Introduced to Block Entity Data Deletion

A new Legal Hold mechanism has been introduced to block the deletion of an entity while legal or regulatory proceedings are active. Legal Holds can be applied to any entity type from the Entity Profile Page and suppress both the automated Data Deletion Scheduler and the Delete Entity Data API for as long as the Legal Hold is active. When the Legal Hold expires or is removed, the entity returns to the standard deletion lifecycle.

Key Details

  • A Legal Hold can be created, viewed, modified or removed from the Entity Profile Page ellipsis menu. Only one Legal Hold may exist per entity at a time.
  • Each Legal Hold captures a Reason (Reference Data lookup), Details, Duration (in months) and Responsible Team. The Start Date is set on creation and the Expiry Date is derived from Start Date + Duration.
  • Legal Hold Active and Legal Hold Expired status chips appear on the Entity Profile header so the current state is visible at a glance.
  • The Data Deletion Scheduler excludes entities with an active Legal Hold, and the Delete Entity Data API rejects deletion attempts for those entities. Expired or removed Legal Holds no longer block deletion.
  • Advance expiry notifications are sent to members of the Responsible Team at 30, 15, 5 and 1 days before the Expiry Date, subject to the user's permissions and notification settings.
  • All Legal Hold lifecycle events (Create, Modify, Remove) are fully audited. Audit entries are immutable and persist after the Legal Hold is removed or the entity is deleted.

Implications

  • Entities subject to legal or regulatory preservation can no longer be deleted accidentally, either by the scheduler or via the Delete Entity Data API.
  • New permissions (Legal Hold Access, Legal Hold Edit, Legal Hold Delete) have been added under the Entity Data domain and must be assigned to the relevant roles before the feature is used.
  • Legal Hold audit events are available in Advanced Reporting and via audit query capabilities. They are intentionally excluded from the Entity Profile audit drawer.

User Guide Reference