Hanzo’s Jim Murphy explores the danger of Slack data; voluminous, informal, unstructured and context-dependent, it’s a threat hiding in plain sight at thousands of organizations, and often it’s only in the course of an investigation or e-discovery matter (when it’s too late) that a company recognizes the issue.
Just when you thought it was safe to go back in the water, you encounter one of these shocking — and shockingly common — images. At first, you only see the clear, peaceful ocean and the lone surfer calmly riding a wave… oblivious to the enormous shark tailing just behind. Then you realize that, but for the wave and the perfect timing of the photo, no one would have known the shark was there.
Unfortunately, there may be a shark lurking in the apparently tranquil waters of your organization. That shark is the data in Slack and other collaboration applications, and a compliance investigation or e-discovery matter is the wave that will reveal the previously unseen danger.
The Rise of Slack Data
Collaboration applications like Slack have seen stratospheric growth in recent years. In January 2019, Slack reported that it had 10 million daily active users—double the number from just two years before. Those users are on Slack a lot: one study found that Slack users check in with their communication tools every five minutes throughout the workday.
All of those Slack messages are diverting conversations from email and other more traditional modalities. In 2015, Slack reported that its paid users had experienced a 48.6 percent reduction in email since adopting Slack, accompanied by a 24 percent decrease in meetings. Those discussions didn’t disappear; they’re just happening in Slack. That means that if a litigation opponent or a regulatory agency asks you for them, you’ll need to be able to produce them.
Whereas we’ve all developed methods to manage the retention and supervision of data from other communication methods, most organizations haven’t done the same for Slack.
That, as it turns out, is dangerous.
3 Dangers of Slack Data
Of course, you may not yet realize that you’re in danger. For the moment, you’re still surfing along blissfully — and that right there is the first problem.
1. Slack is frequently off the radar.
The barrier to entry is extremely low with Slack, particularly for employees who use their personal mobile devices to communicate. They can add the Slack app, create a few channels and start chatting about work with colleagues, for free, in just minutes. Yes, this might violate company policy about app use, but guess what? It’s happening anyway.
Often, organizations don’t know that their employees have started using Slack until it comes up in a discussion about an investigation. Even when companies do know about Slack, they may not have had time yet to develop a formal process for how it’s used and how the conversations within it are collected and retained.
There’s another aspect of Slack’s low-key messaging structure that causes problems: Employees on Slack may well forget that they’re discussing work-related matters on a corporate communications platform. That can lead to unprofessional conduct — inappropriate jokes and profanity, for instance — or even illegal behavior like discrimination and harassment.
Together, these characteristics mean that organizations haven’t even tried to capture, retain or supervise their Slack messages, and that they might be horrified by what they find when they do.
2. Slack messages often don’t contain complete thoughts.
Emails, even when abbreviated, follow a standard letter format: there’s a salutation, then the body, then some form of closing. Most emails include enough information to figure out what they’re about, whether it’s a specific project, event or client.
In contrast to that old-fashioned correspondence, Slack messages unfold far more like rapid-fire, in-person conversations. They tend to involve one-liners that refer back to earlier messages or topics. And many “communications” don’t take the form of typed words at all: employees may express themselves on Slack by reacting to other posts with emojis or posting GIFs in response.
That means that — after you realize you need to collect Slack messages and figure out a way to access them — you can’t limit your search to messages that include keywords. You need to capture the surrounding context, both verbal and nonverbal, to ensure you’re getting the full meaning.
3. Slack data is unstructured and unfamiliar.
Email data is neatly structured and organized, and our e-discovery and compliance tools are well equipped to handle it. Its metadata reveals who a message came from and who received it. We know exactly how to preserve, export and search emails for information that could be relevant to a litigation matter or a compliance investigation.
Slack is not like email.
Yes, you can tell who typed a message, but you can’t tell who read it unless they directly replied; anyone who belongs to a channel may or may not have seen the messages in that channel.
And while Slack has created some tools to enable compliance and e-discovery functions with its data, those tools are blunt instruments at best, designed by a company that focuses on collaboration rather than by a litigation support provider. For example, legal holds can be imposed, but they’re not limited to a particular scope: they’re either on, preserving everything, or they’re off. (Oh, and side note: If you’re using the free version of Slack, you’re only granted access to your most recent 10,000 messages anyway — so you’re definitely not preserving everything in an accessible format.)
To make matters worse, Slack exports are unwieldy — there’s a new file generated for each day of messages in each channel, which makes navigation challenging — and they can’t be directly plugged in to review software.
Thankfully, though, there are steps you can take to start conquering the lurking dangers of Slack data.
Best Practices for Managing Slack Data
First, figure out whether anyone is using Slack at your organization. You might circulate a condensed version of your custodian questionnaire, or create an online survey asking employees which apps they use for business communications. If you find that Slack has infiltrated your workplace, add it to your list of official data sources, incorporating it on your legal hold notices and your compliance checklists.
- Develop policies for how channels, messages and users can be added and what should — and shouldn’t — be discussed in different forums. Train your employees on those policies and explain why they’re so important. While you’re at it, train everyone at your organization about the do’s and don’ts of written messaging, reminding them that every Slack, text and, yes, email they write could someday be read aloud in a courtroom. Discretion is a virtue.
- If you’re using the free version of Slack, upgrade to Enterprise Grid. You’ll unlock not only unlimited message history, but also the ability to access Slack’s Discovery APIs, which enable data exports and other advanced functions.
You don’t have to stay out of the water — or off Slack — to keep yourself and your organization safe, but you do have to take the threat of unmanaged Slack data seriously.
James Murphy is VP of Product at 
