Know When to Hold Em: Considerations for Preservation Across Data Sources, Part Two

In our last post, we discussed key preservation considerations across three major categories of modern data sources: mobile devices, enterprise and collaboration platforms, and structured data.

Our increasing reliance on generative AI solutions is translating into the latest and perhaps the largest modern data challenge organizations must address in discovery today. This post concludes the discussion of key preservation considerations of modern data sources with a look at the considerations related to generative AI content as well as a look at key preservation principles that apply across all four main modern data sources.

Generative AI Content: The New Preservation Frontier

Generative AI systems are rapidly becoming embedded in daily business workflows. Employees now use AI tools to draft emails, summarize documents, generate code, prepare reports, and analyse data. It has become routine for participants in web meetings (such as Zoom) to activate an AI- based note taker that captures and summarizes key discussion points from the meeting. All these activities create a new and evolving category of potentially discoverable content that must be addressed in your preservation plan for discovery.

Preservation challenges in this area stem from novelty and variability. Different AI systems store different artifacts. Some retain prompts and outputs; others do not. Some integrate with enterprise platforms; others operate as standalone services. Some generate content that is saved automatically; others produce transient responses.

Key preservation questions include:

• Are prompts and responses logged and retained?
• Where are AI-generated outputs stored, if anywhere?
• Are AI summaries replacing original documents?
• Do AI systems create intermediate artifacts that matter?
• Is AI-generated content labeled or traceable?

Another complication is that generative AI outputs may be embedded in other preserved systems – such as, copied into emails, pasted into documents, or saved into collaboration platforms. In those cases, traditional enterprise preservation may capture the output but not the prompt that generated it. Depending on the dispute, that prompt could be relevant.

Additionally, AI does not always require prompting to generate output. Automatically produced content, such as AI‑generated meeting notes are frequently shared without validation, increasing the risk that incorrect information is disseminated and later relied upon, with downstream consequences.

Forward-looking organizations are beginning to address this through AI governance policies that treat prompts and outputs as business records when used for business purposes. Logging, retention, and traceability controls are increasingly part of responsible AI deployment.

Preservation teams should coordinate with AI governance and IT teams to understand which AI tools are approved, how they store interaction history, and how legal holds can be applied when needed.

Cross-Cutting Best Practices for Multi-Source Preservation

While each data source category presents unique challenges, several preservation principles apply across all of them.

First, data mapping is foundational and vital. Organizations must maintain up-to-date knowledge of what systems they use, what data they contain, and how retention works in each environment.

Second, as the Information Governance Reference Model (IGRM) model recommends, legal, IT, security and privacy, governance, and business unit teams must collaborate. Preservation failures often occur at the seams between departments.

Third, automation should be leveraged wherever possible. Platform-native holds, integrated legal hold systems, and policy-based preservation reduce reliance on manual steps.

Fourth, custodian communication must be specific and tailored. Generic hold notices are no longer sufficient when data lives in dozens of systems.

Finally, documentation drives defensibility. Preservation decisions, configurations, validations, and communications should all be recorded.

Conclusion

Modern preservation is no longer about saving files—it is about preserving ecosystems of information across enterprise platforms, mobile devices, structured systems, and AI tools. Each source introduces different technical behaviors, risks, and preservation methods. Organizations that recognize these differences and plan accordingly are far better positioned to meet their obligations.

The standard of reasonable, good-faith effort remains. But, in a multi-system, AI-augmented, cloud-first world, a reasonable effort requires technical awareness, process maturity, and continuous auditing and adaptation.

In our next post, we’ll discuss retention policies, defensible deletion, and the risks associated with “save everything.” Stay tuned!

For more regarding Cimplifi eDiscovery, litigation, and investigations capabilities, click here.