With the rising tide of regulation and litigation, it can be a challenge for CIOs to know what data the company needs to retain -- and for how long -- in order to protect and defend itself in the event of a legal or regulatory incident. According Symantec's 2011 Information Retention and eDiscovery Survey, conducted by Applied Research, it's no longer just a question of archiving your email. During the eDiscovery process, attorneys more commonly seek structured and unstructured information than they do email, the survey found. Social media and text messages also made the list of commonly requested digital records. Annie Goranson, discovery attorney at Symantec, says that knowing what to keep is critical for CIOs. "There are a lot of risks associated with keeping that data around past its useful life. It really becomes a drain on the business and on the technology that the business is using. The ability and the focus to develop a deletion policy [and] a retention policy puts the entire organization in a much better position with respect to risk. From the CIO's perspective, that's probably the biggest gain." Applied Research surveyed 2,000 global enterprises with at least 1,000 employees on behalf of Symantec in June and July 2011. Respondents came from both IT management and legal departments. In addition to highlighting survey findings, we provide six steps to help you keep your organization prepared for an information request.