No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

The Shark in the Wave: Revealing the Lurking Danger of Slack Data

The Inherent Risks and Challenges of Using the Collaboration App

by James Murphy
June 17, 2019
in Data Privacy, Featured
black and white illustration of shark jumping out of water

Hanzo’s Jim Murphy explores the danger of Slack data; voluminous, informal, unstructured and context-dependent, it’s a threat hiding in plain sight at thousands of organizations, and often it’s only in the course of an investigation or e-discovery matter (when it’s too late) that a company recognizes the issue.

Just when you thought it was safe to go back in the water, you encounter one of these shocking — and shockingly common — images. At first, you only see the clear, peaceful ocean and the lone surfer calmly riding a wave… oblivious to the enormous shark tailing just behind. Then you realize that, but for the wave and the perfect timing of the photo, no one would have known the shark was there.

Unfortunately, there may be a shark lurking in the apparently tranquil waters of your organization. That shark is the data in Slack and other collaboration applications, and a compliance investigation or e-discovery matter is the wave that will reveal the previously unseen danger.

The Rise of Slack Data

Collaboration applications like Slack have seen stratospheric growth in recent years. In January 2019, Slack reported that it had 10 million daily active users—double the number from just two years before. Those users are on Slack a lot: one study found that Slack users check in with their communication tools every five minutes throughout the workday.

All of those Slack messages are diverting conversations from email and other more traditional modalities. In 2015, Slack reported that its paid users had experienced a 48.6 percent reduction in email since adopting Slack, accompanied by a 24 percent decrease in meetings. Those discussions didn’t disappear; they’re just happening in Slack. That means that if a litigation opponent or a regulatory agency asks you for them, you’ll need to be able to produce them.

Whereas we’ve all developed methods to manage the retention and supervision of data from other communication methods, most organizations haven’t done the same for Slack.

That, as it turns out, is dangerous.

3 Dangers of Slack Data

Of course, you may not yet realize that you’re in danger. For the moment, you’re still surfing along blissfully — and that right there is the first problem.

1. Slack is frequently off the radar.

The barrier to entry is extremely low with Slack, particularly for employees who use their personal mobile devices to communicate. They can add the Slack app, create a few channels and start chatting about work with colleagues, for free, in just minutes. Yes, this might violate company policy about app use, but guess what? It’s happening anyway.

Often, organizations don’t know that their employees have started using Slack until it comes up in a discussion about an investigation. Even when companies do know about Slack, they may not have had time yet to develop a formal process for how it’s used and how the conversations within it are collected and retained.

There’s another aspect of Slack’s low-key messaging structure that causes problems: Employees on Slack may well forget that they’re discussing work-related matters on a corporate communications platform. That can lead to unprofessional conduct — inappropriate jokes and profanity, for instance — or even illegal behavior like discrimination and harassment.

Together, these characteristics mean that organizations haven’t even tried to capture, retain or supervise their Slack messages, and that they might be horrified by what they find when they do.

2. Slack messages often don’t contain complete thoughts.

Emails, even when abbreviated, follow a standard letter format: there’s a salutation, then the body, then some form of closing. Most emails include enough information to figure out what they’re about, whether it’s a specific project, event or client.

In contrast to that old-fashioned correspondence, Slack messages unfold far more like rapid-fire, in-person conversations. They tend to involve one-liners that refer back to earlier messages or topics. And many “communications” don’t take the form of typed words at all: employees may express themselves on Slack by reacting to other posts with emojis or posting GIFs in response.

That means that — after you realize you need to collect Slack messages and figure out a way to access them — you can’t limit your search to messages that include keywords. You need to capture the surrounding context, both verbal and nonverbal, to ensure you’re getting the full meaning.

3. Slack data is unstructured and unfamiliar.

Email data is neatly structured and organized, and our e-discovery and compliance tools are well equipped to handle it. Its metadata reveals who a message came from and who received it. We know exactly how to preserve, export and search emails for information that could be relevant to a litigation matter or a compliance investigation.

Slack is not like email.

Yes, you can tell who typed a message, but you can’t tell who read it unless they directly replied; anyone who belongs to a channel may or may not have seen the messages in that channel.

And while Slack has created some tools to enable compliance and e-discovery functions with its data, those tools are blunt instruments at best, designed by a company that focuses on collaboration rather than by a litigation support provider. For example, legal holds can be imposed, but they’re not limited to a particular scope: they’re either on, preserving everything, or they’re off. (Oh, and side note: If you’re using the free version of Slack, you’re only granted access to your most recent 10,000 messages anyway — so you’re definitely not preserving everything in an accessible format.)

To make matters worse, Slack exports are unwieldy — there’s a new file generated for each day of messages in each channel, which makes navigation challenging — and they can’t be directly plugged in to review software.

Thankfully, though, there are steps you can take to start conquering the lurking dangers of Slack data.

Best Practices for Managing Slack Data

First, figure out whether anyone is using Slack at your organization. You might circulate a condensed version of your custodian questionnaire, or create an online survey asking employees which apps they use for business communications. If you find that Slack has infiltrated your workplace, add it to your list of official data sources, incorporating it on your legal hold notices and your compliance checklists.

  • Develop policies for how channels, messages and users can be added and what should — and shouldn’t — be discussed in different forums. Train your employees on those policies and explain why they’re so important. While you’re at it, train everyone at your organization about the do’s and don’ts of written messaging, reminding them that every Slack, text and, yes, email they write could someday be read aloud in a courtroom. Discretion is a virtue.
  • If you’re using the free version of Slack, upgrade to Enterprise Grid. You’ll unlock not only unlimited message history, but also the ability to access Slack’s Discovery APIs, which enable data exports and other advanced functions.

You don’t have to stay out of the water — or off Slack — to keep yourself and your organization safe, but you do have to take the threat of unmanaged Slack data seriously.


Tags: Communications Managemente-Discovery
Previous Post

Using AI to Spot Patterns Before Risk Butterflies Turn Into Tsunamis

Next Post

IIA Sets Exposure Period For Proposed Updates to “Three Lines of Defense”

James Murphy

James Murphy

James Murphy is VP of Product at Hanzo, where he is responsible for defining the product vision, strategy, planning and execution. Jim’s fundamental goal is to delight customers by solving their business challenges and providing them with an outstanding experience. To ensure a customer-centric experience, Jim leverages the insights he’s gained from serving as Hanzo’s Director of Service Delivery and his over 19 years of experience working within litigation support, information technology, e-discovery and web archiving. Previous to Hanzo, Jim served as the Director of Professional Services/Operations Engineering with the Merrill Corporation and has held various roles in technical support, business information technology and solutions architecture.

Related Posts

cubist style art of robot holding a pencil

Want to Be Part of the Generative AI Revolution? Start With Treating It Like an Assistant.

by Dave Cumberland
October 31, 2023

Integrating AI into internal communications can streamline how teams talk to each other

Two tightropers walk above the clouds

The Modern UK General Counsel Walks a Tightrope Between Legal and Value Creation

by Christophe Frerebeau
February 24, 2022

While global events and domestic regulation shifts continue to cause legal disruptions, UK GCs are also being asked to do...

Businessman supports data cloud hands on a dark background

Onna Launches eDiscovery Cloud Transfer Capability to Increase Security and Cut Export Management Overheads for Customers

by Corporate Compliance Insights
June 7, 2021

The automated export workflow significantly reduces time and effort while increasing predictability and strengthening security New York and Barcelona (June...

close up of male hands with magnifying glass picture on tablet pc

Relativity Acquires Text IQ to Drive Leadership in AI for e-Discovery, Compliance and Privacy

by Corporate Compliance Insights
May 27, 2021

Combination will enable law firms, enterprises and service providers to reliably and efficiently identify and manage sensitive and privileged data...

Next Post
man holding microphone out for comment

IIA Sets Exposure Period For Proposed Updates to "Three Lines of Defense"

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights