The essential guide to Slack eDiscovery
Table of Contents
- What is Slack?
- What makes Slack data unique?
- Understanding roles and permissions in Slack
- How to choose the best Slack plan for eDiscovery
- Managing Slack data retention
- Exploring your options for Slack eDiscovery
- Key steps for developing a successful Slack eDiscovery strategy
- Moving forward with eDiscovery for Slack
- About Onna for Slack
Remote, in-office, or hybrid — Slack has become an indispensable tool for companies looking to support productivity, no matter where it happens. Think of Slack as a digital headquarters for businesses, relied on daily by nearly a million organizations for team messaging, file sharing, and voice/video calls.
Dynamic tools like Slack have revolutionized the way we exchange and access information. However, attachments, gifs, and long message threads make Slack data complex, mainly due to its unstructured nature. Unstructured data makes up 80% of a company's overall data and grows by 55-65% each year. As more businesses turn to Slack for communication, collecting, processing, and producing relevant Slack data for eDiscovery collections, early case assessments, and internal investigations becomes increasingly difficult.
If you need or anticipate needing to extract data from Slack for eDiscovery, compliance, or other purposes, now is the time to familiarize yourself with the platform.
Our essential guide covers:
- An overview Slack’s interface and features
- The dynamic nature of its data
- Slack roles, permissions, and subscription plans
- Data retention in Slack
- Your eDiscovery options
- A flexible strategy to get started with Slack eDiscovery
Let's get into it.
What is Slack?
Before examining your eDiscovery options for Slack, it’s important to understand the platform's capabilities. Slack serves as an all-purpose communication tool that centralizes real-time messaging, file sharing, and collaboration. Let’s take a closer look at its most significant features.
Fun fact: Slack stands for Searchable Log of All Communication and Knowledge.
A company's Slack environment is referred to as a "workspace." While small to medium-sized companies usually operate within a single workspace, larger organizations might use multiple workspaces connected to Slack Enterprise Grid.
Unlike email, where messages can get lost in cluttered inboxes, Slack organizes conversations into channels, making it easy to find and follow discussions related to specific projects or topics. Members can create public or private channels for group discussions within a workspace. Public channels are open to all members, while private channels require an invitation. Channels can be deleted or archived when no longer needed.
Slack offers direct messaging (DMs) for smaller conversations outside of channels. DMs are perfect for one-off discussions that don't require an entire channel's input.
Note: Slack Connect allows users to send DMs to individuals from other companies.
With support for over 2,000 third-party apps, Slack transforms into a centralized collaboration hub, streamlining access management and reducing the need for constant tab switching.
Note: For eDiscovery purposes, it's crucial to track which integrations your organization uses.
Slack huddles facilitate easy communication within channels or DMs, including with external partners. Users can instantly connect via audio, video, or screen-sharing. The free version of Slack accommodates two-person huddles, while paid versions support up to 50 participants.
Note: Slack does not provide recording or transcription services for calls or huddles.
Audio and video clips
Effortlessly share information by recording and sending audio or video clips. Recipients can respond using their preferred format – audio, video, or text. Clips include live captions and adjustable playback speeds, and Slack automatically transcribes video and audio clips for easy searching.
Note: For easier analysis, opt for an eDiscovery solution that allows you to play and view this data in its original format.
What makes Slack data unique?
Like so many of today’s emerging applications, Slack’s technology is state-of-the-art. It integrates with over 2,000 apps, offering customizations, shortcuts, and file-sharing features for optimal functionality. Slack also allows users to develop their own apps on the platform, with more than 885,000 developers actively using this feature.
By simply clicking a button, users can send gifs, share links, start threads, and even edit and delete messages. The user-friendly interface and transient nature of Slack promote rapid growth and constant change, setting it apart from other platforms. While these features make Slack a dream for productivity, they also add complexity to the eDiscovery process.
The thing is … as data grows more dynamic, identifying, processing, and exporting it in a comprehensive format becomes more challenging. Without a well-planned eDiscovery strategy, the vast amount of dynamic data in Slack may result in exported data appearing as a JSON file, lacking contextual information (see above). As a result, even the most diligent legal teams will need to invest significant time and effort to review the data.
Understanding roles and permissions in Slack
Slack roles determine the capabilities and access levels of each user within your workspace. It’s important to understand these roles to collect data effectively from Slack.
Owners represent the highest tier of users with the most permissions. A workspace can have multiple owners, but only the primary owner can transfer workplace ownership or delete a workspace.
Admins possess the second-highest level of permissions. A workspace can have numerous admins who invite or remove members, moderate channels, and perform other administrative tasks.
Members encompass all other individuals in the organization who join the workspace. They can access public channels and create their own channels for communication and collaboration.
Guests, only available in paid subscriptions, have limited access to relevant channels. For example, you can invite a vendor or consultant to one or more channels for a specified duration.
How to choose the best Slack plan for eDiscovery
Collecting Slack data for eDiscovery requires a clear understanding of your organization's plan features and offerings. Slack offers three business plans: Pro, Business+, and Enterprise Grid. Pro and Business+ cater to small and medium-sized businesses, while Enterprise Grid serves larger organizations with more complex structures.
In addition to these plans, Slack also offers GovSlack. GovSlack caters to the security needs of government organizations, making it the preferred choice for agencies like the U.S. Department of Veterans Affairs and the General Services Administration's 18F Office.
Key benefits of GovSlack include:
- Compliance with government security standards, such as FedRAMP High, DoD IL 4, and ITAR.
- Runs in AWS GovCloud data centers.
- External collaboration via Slack Connect with other GovSlack users.
- Custom encryption keys for enhanced data visibility and control.
- Enterprise-grade admin dashboard for scalable permission and access management.
- A directory of approved applications, including DLP and eDiscovery apps (such as Onna), that can integrate with Slack.
For a detailed look at technical capabilities, visit Slack's pricing page. For a quick overview of Slack eDiscovery features available in business plans, refer to the summary below:
- Custom retention policies for messages and files.
- Custom retention policies for messages and files.
- Corporate exports for all messages.
- Custom retention policies for messages and files.
- Corporate exports for all messages.
- Integrations with data loss prevention (DLP), eDiscovery, and offline backup providers.
- Security, compliance, billing, and platform integration management in a single view.
- Enterprise Mobility Management (EMM) integration.
- Audit logs API.
Managing Slack data retention
Slack offers customizable retention policies for messages and files, regardless of your subscription plan. To avoid data loss, set your retention policy as soon as possible. By default, Slack will retain all messages and files, including audio and video clips, in your workspace indefinitely. However, you can customize these settings to fit your requirements.
For example, if you apply a 30-day message retention policy, Slack automatically removes messages and files older than 30 days. Keep in mind that once deleted, you cannot recover this data. If a file comes from an external platform like Box or Google Workspace, deleting it in Slack doesn’t affect its availability in the original source. Review the chart below for a detailed list of message and file retention options for Pro, Business+, and Enterprise Grid subscriptions:
Message retention options
Keep everything: Slack retains all messages and tracks edits and deletions.
Keep all messages without tracking revisions: Slack retains all messages but does not track edits or deletions.
Customizable message retention: Slack deletes messages after your chosen time frame.
Allow workspace members to modify retention settings: Members can adjust retention settings for individual channels and DMs.
File retention options
Keep all files: Slack retains all shared files for the lifetime of your workspace.
Keep all files for a specified duration: Slack permanently deletes files (snippets, posts, uploaded files, and those shared via third-party apps like Dropbox or Google Drive) after your chosen number of days.
Keep all files, including deleted ones: Slack retains all files during your workspace’s lifetime. Deleted files remain accessible via exports for all conversations and the Discovery API.
Keep all files, including deleted files, for a specified duration: Slack permanently deletes files (snippets, posts, uploaded files, and those shared via third-party apps) after your chosen number of days. Deleted files remain accessible via exports for all conversations and the Discovery API.
Exploring your options for Slack eDiscovery
There are currently two primary methods to collect data from Slack for eDiscovery purposes:
- Request a standard or corporate export: A workspace admin must request a standard or corporate export from Slack. The standard export includes content from all public channels within a workspace, including messages and file links. The corporate export, on the other hand, provides access to public and private channels, along with direct messages. If you need a comprehensive view of your Slack data, a corporate export is the way to go. However, keep in mind that the export may appear as a complex JSON file, similar to the one mentioned earlier, making it difficult for humans to read easily.
- Utilize the Discovery API (recommended): The second option — which is highly recommended for access to more dynamic data — is using the Discovery API. This API allows you to access all resources across multiple workspaces in your account, including edits and deletions. You can also target your collections, exporting only what you need, and access resources shared between workspaces. Integrating the Slack Discovery API with an eDiscovery solution, like Onna, ensures your data remains fully searchable and ready for review.
Legal holds in Slack
If you’re a Compliance Admin in an Enterprise Grid organization, you can set up legal holds on specific members to preserve their communications and files in Slack via the API. Here’s an overview of the process and what to expect:
Note: Messages and files from Slack Connect channels or direct messages are not included in legal holds.
In-place preservation for faster downstream collections
eDiscovery professionals often face challenges in protecting ESI from accidental or intentional destruction by custodians. They usually end up choosing between two less-than-ideal options:
- Trusting custodians to properly preserve data, potentially compromising information integrity.
- Over-collecting data, leading to higher review costs and increased data management risks.
In-place preservation offers a solution by safeguarding data directly within the apps where it originates and preventing any modifications or deletions once preserved. To implement this, consider using a preservation management system within an eDiscovery tool.
Onna's In-place Preservation feature enables users to easily preserve data in real-time within source systems with just one click. Once in-place preservation is complete, users can search, cull, and export the data set to their preferred review tool for further analysis.
This approach tends to benefit both IT and legal teams. IT teams experience fewer disruptions in their daily tasks and require less staff involvement, while legal teams enjoy simpler management, more convenient monitoring, and a reduced risk of errors or omissions.
The bottom line …
Relying on Slack exports may create significant challenges throughout your eDiscovery process. When deciphering a Slack export (JSON file) becomes difficult, it’s tough to assess the defensibility of information and identify case-relevant content. This can lead to not only increased processing fees, but also confusion during the review cycle.
For these reasons, we recommend working with a third-party eDiscovery solution rather than trying to do it ad hoc. Without professional assistance, your legal team may have to jump through hoops that will cost you time, money, and increase the risk of error.
If you’re ready to work smarter, in the next section we’re breaking down our Slack eDiscovery strategy so you can avoid expensive pitfalls, increase efficiency, and set yourself up for long-term success.
Key steps for developing a successful Slack eDiscovery strategy
By implementing a well-planned Slack eDiscovery strategy, organizations can dodge expensive errors, enhance efficiency, and guarantee lasting success. To accomplish this, take into account these crucial steps, tailoring them to fit your organization's particular needs:
Step 1: Familiarize yourself with Slack's data types
Get to know the various data types in Slack, such as threads, custom emojis, emoji reactions, audio notes, video recordings, huddles, modern attachments, hyperlinks, app integrations, and more. By doing so, you’ll be better equipped to accurately collect and preserve relevant Slack data while ensuring compliance with regulatory requirements.
Step 2: Evaluate your organization's requirements
It might seem obvious, but understanding your requirements is one of the first steps toward a successful Slack eDiscovery strategy. Internal stakeholders may question the need for a proactive approach, but it's essential to assess the reasons behind it. After all, email discovery solutions are a given, so what makes this any different? Investigate how your organization uses Slack by asking yourself questions like:
Reflecting on these questions will help clarify the appropriate course of action. For example, if your company has thousands of employees frequently using Slack, you're likely dealing with a larger data set and higher-stakes litigation. In this case, relying solely on a corporate export isn't enough, and it's time to reevaluate the Slack eDiscovery strategy you have in place.
Step 3: Regularly review and update your Slack retention settings
Companies that don’t implement robust data retention policies expose themselves to potential legal, financial, intellectual property, and security risks – and Slack data retention is no exception.
To effectively retain data in Slack, you should analyze your company's unique requirements. This process includes:
- Assessing the types of data stored in Slack,
- determining appropriate retention periods,
- and identifying which information to delete.
Don’t rely on a one-size-fits-all solution; instead, collaborate with internal stakeholders like active Slack business groups, legal, IT, and compliance teams to establish the best policy for preserving relevant data in Slack. Since minor oversights can lead to significant consequences, it’s important to regularly evaluate retention policies in accordance with your organization’s evolving needs.
Note: Keep in mind that retention settings can impact the platform's usability and utility.
Step 4: Create and communicate a clear company Slack policy
Establish a company policy for all new technologies –– including Slack. Clearly outline expectations for platform use and monitoring, such as maintaining confidentiality in certain channels, flagging or reporting inappropriate words or behaviors, and adhering to message retention policies. Educating your company on these guidelines can help reduce data loss, spoliation, or improper behavior on the platform.
Tip: Develop an internal Slack compliance guide for your legal team, if you haven't already. Detail your current Slack plan capabilities and outline retention setting protocols. This ensures crucial information remains preserved and simplifies the eDiscovery process for the future.
Step 5: Implement a tailored eDiscovery solution
Implement a reliable eDiscovery solution to strengthen your Slack eDiscovery plan. Although some legal teams believe that in-house solutions are too costly, companies can actually waste significant amounts of time and money by not proactively preparing for litigation.
When choosing a Slack eDiscovery solution, ensure that it can:
- Connect directly to Slack’s Discovery API for the most defensible data extraction
- Allow you to choose which Slack data to collect and preserve
- Continuously sync and archive specific workspace data as needed
- Transform incomprehensible JSON files into contextual information
- Show edits and deletions in messages
- Place custodians on legal hold
Litigation and internal investigations may be infrequent, but when they occur, consider the big picture when choosing an eDiscovery solution. While a simple solution for Slack may be your current priority, you may later need a tool covering Google Workspace, Zoom, Zendesk, and other enterprise apps. For these reasons and more, it’s best to look for a “master tool” for your entire tech stack.
Beyond Slack-specific features, look for the ability to collect varying data amounts, flexible software deployment, strong security measures, and advanced search capabilities. Also, evaluate your eDiscovery tool's longevity. Is it API-based, cloud-built, scalable, and integrable into a preservation plan? Addressing these questions will help determine the tool's long-term value for your company.
Moving forward with eDiscovery for Slack
There you have it! You’re now well-versed in Slack eDiscovery. We hope our tips encourage you to replace outdated practices with modern strategies in your Slack eDiscovery plan. To recap, let’s compare the old way vs. the new way for Slack eDiscovery:
As you can see, adopting a modern Slack eDiscovery approach significantly reduces the time spent on your eDiscovery workflow. Now, you can complete it in just minutes or hours instead of weeks. Using the right tools and processes not only saves time during the collection phase, but also leads to a more targeted and refined dataset for review, which in turn accelerates the review cycle and makes it more cost-effective.
About Onna for Slack
Onna revolutionizes data discovery from Slack and other workplace applications by offering a comprehensive, user-friendly solution on a centralized platform. With Onna, you can say goodbye to manual exports and connect your workspace directly to the platform to collect data in its native format. Slack’s Discovery API and our open-ended API integrate to simultaneously collect and process the data you need in real-time — nothing more, nothing less.
Enterprise companies use Onna to streamline eDiscovery processes by quickly identifying, collecting, preserving, and searching data from various workplace apps, including Slack, all in one place.
Once your Slack data is in Onna, your team has immediate access to it. Set legal holds, review and collaborate on evidence, and when you’re ready, export data into the review platform of your choice.
Here’s what a few of our customers have to say: