They retain the transaction info for some 6 months (they say) as a quality control measure.
The NRA has brought suit against NICS for building a database of gun owners using the "audit log." NRA vs. Reno
Yes, the Clinton administration was trying to do an end run around the legislation. That was, however, a while ago.
The legislation allowed for records to be kept for a short period of time in order to verify that the system was operating properly; however, the data could legally be used for no other purpose.
Anti-gun organizations lobbied to allow NICS records to be used to combat terrorism, but it got shot down and never became law.
I believe that the reason the NRA lawsuit basically went away is that Ashcroft, when he was Attorney General, changed the policy so that NICS records are destroyed within 24 hours of a successful NICS check. Audit information for a check that remains in an open state because enough information was available can be retained for not more than 90 days, which is reasonably needed to make sure the system is working properly, though 90 days still seems too long for those cases.
A record of instances where someone failed a NICS check is retained forever.
http://edocket.access.gpo.gov/cfr_2006/julqtr/pdf/28cfr25.9.pdf