Legal Holds
Data preservation for litigation and regulatory compliance.
Last updated
Mistvine's legal hold system preserves data when litigation, regulatory investigation, or compliance audit is anticipated.
Purpose
Legal holds ensure data preservation obligations are met. When a hold is active:
- Affected data cannot be deleted
- Automated retention policies are suspended
- User-initiated deletion requests are blocked
- All preservation actions are logged
Fail-Closed Design
Legal hold checks use fail-closed logic: if the system cannot definitively determine that data is NOT under hold, it blocks operations that could destroy data.
This approach prioritizes data preservation over convenience.
GDPR Compliance
The legal hold system implements GDPR Article 17(3)(e), which provides an exception to the right to erasure when data processing is necessary for legal claims.
Users under legal hold are informed that deletion is temporarily unavailable without disclosure of case details.
Violation Logging
Attempted deletions during active holds are logged to an immutable record for compliance review.
Administration
Organization administrators can:
- Create and manage legal holds
- Add users to holds
- Release holds when no longer needed
- Review violation logs
Access Control
Legal hold management is restricted to organization administrators. Regular users cannot view or modify legal holds.