As for current law:
Quote:
(b) The FBI will maintain an automated NICS Audit Log of all incoming and outgoing transactions that pass through the system.
(1) Contents. The NICS Audit Log will record the following information: Type of transaction (inquiry or response), line number, time, date of inquiry, header, message key, ORI or FFL identifier, and inquiry/response data (including the name and other identifying information about the prospective transferee and the NTN).
(i) NICS Audit Log records relating to denied transactions will be retained for 10 years, after which time they will be transferred to a Federal Records Center for storage;
(ii) NICS Audit Log records relating to transactions in an open status, except the NTN and date, will be destroyed after not more than 90 days from the date of inquiry; and
(iii) In cases of NICS Audit Log records relating to allowed transactions, all identifying information submitted by or on behalf of the transferee will be destroyed within 24 hours after the FFL receives communication of the determination that the transfer may proceed. All other information, except the NTN and date, will be destroyed after not more than 90 days from the date of inquiry.
|
28 C.F.R. § 25.9
"Audit log means a chronological record of system (computer) activities that enables the reconstruction and examination of the sequence of events and/or changes in an event."
28 C.F.R. § 25.2
So that's current law, but I, too am curious as to a source for the claimed 30-day retention practice.