-
It depends on you site compliance requirements and applicable local laws. Most global networks need to be compliant with GDPR, which includes the so called RTBF rule - Right To Be Forgotten. The rule requires site operators to delete any all personally identifying data if the user requests to. There may be a way to retain some data for short period of time as part of backup and system integrity policy, in which case you may be required to give access to that data - but that also depends on type of request, court order or warrants, etc, etc. I have never seen or heard of any cases where network operators were required to retain data. Required to give access to retained data - yes, but never required to retain. If that what you want to do proactively - make sure it's explained in your privacy policy and terms of use, and check with your privacy lawyer to ensure that you are not in violation of any applicable compliance scopes lie GDPR or CCPA (penalties can be steep).
There is no requirement from any quarter to retain data. This is a safeguard that depends on the the type of network.
Yes, the privacy and TOS is basic, but complainants most times will join both the offender and the network as defendants in a law suit and if the offender wants to be Smart, he could delete every trace available (because they will be the first to smell the trouble) and the network only will be left to face the charges if the offender could not be traced.
To prevent this scenario from happening putting the network in serious trouble, there will be need to proactively retain data for a specified period of time as expressly stated in privacy policy.
But UNA doesn't have this capability for initiatives that are public and social in nature.
I took time to read through Facebook TOS & Privacy Policy to realize the importance of this missing feature.