Since anyone can put anything they want on their servers, it seems like a lot of evidence could be thrown out in court cases if access to that information is not strictly monitored and audited to make sure the owners aren’t removing or adding data.
Does anyone know of industry-standard practices to ensure that data on servers is not being manipulated in a way to protect or harm users?
It depends on the industry.
Finance has stricter regs about retention than most others.
Your finance data in any company may need to comply with regs, but may also need to comply with your legal team.
It really varies, even by company, or by business unit/vertical. Or class of data.
Compliance is an entire business itself. I’ve had to do compliance training every year, and not as someone who holds the keys to major data, but interacts within a company, and may handle different types of data.