Legal holds and data retention policies are not the same thing — conflating them is one of the most expensive HR data management mistakes, because a data retention deletion that destroys records subject to a legal hold constitutes spoliation of evidence and exposes your organization to adverse inference instructions at trial. Here is how the two concepts differ, when each applies, and how to automate compliance with both. See the Secure Make.com Webhooks data security guide for the storage controls that support this framework.

What Is a Data Retention Policy and When Does It Apply?

A data retention policy defines how long specific categories of HR data are stored in normal operations, and when they are deleted. Retention periods are defined by business need and legal obligation: employment records (7 years post-termination for most jurisdictions), I-9 forms (3 years from hire date or 1 year from termination, whichever is later), job application records (2 years under OFCCP for federal contractors), and payroll records (3 years under FLSA). Data retention is your standing policy — it applies automatically to all records in the defined categories, on a schedule, regardless of any specific legal proceeding.

What Is a Legal Hold and When Does It Override Data Retention?

A legal hold (also called a litigation hold or preservation notice) is a directive to suspend normal data retention and deletion for specific records related to actual or anticipated litigation, regulatory investigation, or government inquiry. A legal hold activates when: you receive an EEOC charge, a lawsuit is filed or threatened in writing, you receive a regulatory subpoena, or your legal counsel determines that litigation is reasonably anticipated based on known facts. The moment a legal hold applies, all automated retention deletion scripts must be suspended for the affected records — regardless of whether those records have exceeded their normal retention period.

How Do You Determine the Scope of a Legal Hold in HR?

Legal hold scope is defined by the matter’s subject: if the hold relates to a discrimination claim by employee X, the hold covers all records touching employee X’s employment history, all AI screening decisions applied to that employee’s candidate file if the claim involves hiring, all communications between X and their managers, and all performance and compensation records. The hold covers custodians (the people who held those records) and data sources (the systems those records exist in: HRIS, ATS, email, Make.com™ execution logs, audit logs). Your legal counsel defines the scope; HR operations implements the technical preservation.

How Do You Implement a Legal Hold Technically in an HR SaaS Environment?

Four technical steps for legal hold implementation in a SaaS HR environment: (1) identify all systems holding in-scope records (HRIS, ATS, email, Make.com™, audit log store); (2) disable all automated deletion jobs and retention scripts for in-scope records in each system — this requires system admin access and is not automatic; (3) export copies of in-scope records to an immutable storage repository (S3 with Object Lock, or equivalent) that is outside the reach of normal retention deletion jobs; and (4) document the hold implementation date, the records preserved, and the systems affected, and file the documentation with legal counsel. Review hold status quarterly — holds that are no longer legally necessary should be released and normal retention resumed.

How Do You Automate Legal Hold Triggering and Documentation in Make.com?

Build a Make.com™ legal hold scenario triggered by a specific input: a designated HR email alias receives a legal hold notification from legal counsel, triggering the scenario. The scenario: (1) parses the notification for custodian names, data systems, and hold period; (2) creates a Teamwork™ task for the IT admin to disable deletion jobs in each affected system; (3) triggers data export jobs for each identified system via API; (4) writes the hold record (date, scope, custodians, systems) to a legal hold register in Google Sheets; and (5) sends a confirmation to legal counsel with the implementation details. Automation does not replace the legal judgment that defines hold scope — it executes the technical implementation faster and more consistently than manual processes.

How Do You Release a Legal Hold When the Matter Is Resolved?

Legal hold release requires written confirmation from legal counsel that the matter is resolved and the hold is no longer legally necessary. On receipt of release confirmation: (1) update the legal hold register with the release date and the authorizing counsel; (2) restore normal retention policies for the formerly held records; (3) run a catchup deletion job for records that exceeded their retention period during the hold period, after confirming with legal counsel that no continuing preservation obligation exists; and (4) document the release in the same file as the original hold implementation. Incomplete hold releases — where some systems are released and others are not — create compliance gaps. Build a hold release checklist covering every system in the original hold scope.

Expert Take — Jeff Arnold, 4Spot Consulting™

The spoliation risk from running an automated retention deletion job on records subject to a legal hold is not theoretical — courts have imposed adverse inference instructions in employment cases for exactly this failure. The automation that makes HR data management efficient can become the mechanism that destroys evidence if legal holds are not implemented with the same discipline as retention policies. Build the legal hold suspension step into every automated deletion job. Never let a scheduled deletion run without first checking the legal hold register.

Key Takeaways

• Data retention is your standing policy; legal holds override retention for specific records when litigation is actual or anticipated.
• Legal hold triggers: EEOC charge, lawsuit filed or threatened in writing, regulatory subpoena, or counsel’s reasonable anticipation determination.
• Hold scope is defined by legal counsel; HR operations implements the technical preservation across all identified systems.
• Four technical steps: identify systems, disable deletion jobs, export to immutable storage, document and file with legal counsel.
• Make.com™ automates hold implementation and documentation — but legal judgment on scope remains with counsel, not automation.
• Every automated deletion job must check the legal hold register before executing — never let scheduled deletions run without this check.

Frequently Asked Questions

What is the consequence of deleting records subject to a legal hold?

Deletion of records subject to a legal hold constitutes spoliation of evidence. Courts respond to spoliation with adverse inference instructions (instructing the jury to assume the destroyed evidence was unfavorable to the spoliating party), monetary sanctions, and in extreme cases case-dispositive sanctions. The severity depends on whether the deletion was intentional or negligent — negligent deletion still results in adverse inference instructions in most jurisdictions.

Do legal holds apply to Make.com execution logs?

Yes, if the Make.com™ execution logs contain records relevant to the matter in dispute. For AI hiring discrimination claims, Make.com™ execution logs that document the automated screening decision and its contributing factors for a specific candidate are discoverable and must be preserved. This is why the OpsMap™ standard writes all AI screening decisions to durable storage (ATS custom fields + Google Sheets) rather than relying only on Make.com™ execution history, which has a 30-day retention limit by default.

How long does a legal hold typically last?

Legal holds last as long as the underlying matter remains unresolved. EEOC charges typically resolve in 6–18 months. Employment litigation typically runs 2–4 years. A hold placed when an EEOC charge is received and maintained through litigation resolution can last 3–5 years. Hold duration is not predictable at the outset — plan for multi-year holds on any matter that proceeds beyond initial EEOC mediation.