Here's the source for the data preservation requirement: http://www.usdoj.gov/criminal/cybercrime/COEFAQs.htm Preservation is not a new idea; it has been the law in the United States for nearly five years. 18 U.S.C. 2703(f) requires an electronic communications service provider to "take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process" upon "the request of a governmental entity." This applies in practice only to reasonably small amounts of specified data identified as relevant to a particular case where the service provider already has control over that data. Similarly, as with traditional subpoena powers, issuance of an order to an individual or corporation to produce specified data during the course of an investigation carries with it an obligation not to delete or destroy information falling within the scope of that order when that information is in the persons possession or control. -----
From the US Code via GPO Access:
http://www.access.gpo.gov/su_docs/aces/aaces002.html 18 USC 2703(f) (f) Requirement To Preserve Evidence.-- (1) In general.--A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process. (2) Period of retention.--Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity. -----