Sounds like the retention policy is also solving the wrong problem. If for legal reasons you want to destroy any potential evidence, maybe it's a good idea to stop doing illegal actions.

It's not necessarily illegal actions, just those that would look bad in discovery. Lawyers (as always) tend to err on the side of caution.

I remember Matt Levine talking about how regulators would often find emails along the line of "Let's sell this crap to those idiots" and use that as leverage to force settlements rather than showing actual violation of regulations.

The reason being that it's hard to show intent to defraud, and much easier to threaten bad press.

Thanks to patents, everyone in technology is doing "illegal actions" all the time, since you can't do anything without infringing hundreds of patents. And if you can find an email somewhere indicating that someone knows that a competitor has feature X, or knows about the existence of a patent, viola, evidence of knowing infringement! Triple damages under US law.