Why you should be using the Slack Discovery API for compliance and eDiscovery
Editor’s note: This post was originally published in October 2019 and has been completely revamped and updated for accuracy, relevance, and comprehensiveness.
Slack is a trailblazer in modern workplace communication. As more companies look to Slack as their primary communication tool, a growing volume of business records and sensitive information accumulates on its platform. From a productivity standpoint, this is excellent news. But from an eDiscovery standpoint? Legal teams are now navigating uncharted waters.
Thankfully, Slack offers a set of APIs that enable users to access data and simplify compliance and eDiscovery processes. If you’re unsure which APIs will best suit your needs, you’re in the right place. Our close partnership with Slack has given us valuable insight into how the Discovery API can make eDiscovery for Slack a relatively painless experience.
What sets Slack apart?
In early 2020, the surge in remote work rapidly increased Slack’s concurrent users from 10 million to 12.5 million within weeks. Three years later, nearly 20 million people rely on Slack for effective work collaboration, whether in the office, at home, or on the go. However, the very features that make Slack so appealing – such as images, gifs, videos, audio files, attachments, links, emojis, threads, channels, and the ability to edit and delete messages – also pose significant challenges for eDiscovery.
Slack’s widespread adoption includes 77 of the Fortune 100 companies that have integrated the platform into their operations. The app is also credited with reducing email usage by 32% and cutting meetings by 28%. Despite these benefits, Slack generates massive amounts of unstructured data. The more dynamic the data, the harder it becomes to identify, process, and export in a comprehensive format.
With Slack’s popularity and usage continually growing, managing unstructured data will likely become an even more pressing issue. Legal teams must proactively implement effective search, collection, and processing methods to address these challenges; otherwise, they’ll end up with something like this:
Working with this data can leave eDiscovery review teams overwhelmed and frustrated. They may waste time dealing with inconsistent and illogical rendering while facing the risk of incurring substantial costs. However, there's no need to worry — Slack's Discovery API can effectively address these issues and more.
Should you use the Slack Discovery API for retrieving Slack data?
That depends. Each litigation is unique, and the information you need to collect may vary. However, the Discovery API typically delivers the most detailed information.
What is Slack Discovery API?
Slack’s Discovery API enables Org Owners on the Enterprise Grid plan to use approved third-party applications for exporting or taking action on messages and files (e.g., PDFs, JPGs) across any workspace within an Enterprise Grid organization. Either the Primary Org Owner or another Org Owner can request activation of the Discovery API. Once activated, all Org Owners gain access to it.
To use Slack's Discovery API, you must have an access token. This token is specific to your application and serves as a key to authenticate and authorize your API access. With the access token, you can perform different actions and access data within the scope of your permissions.
Depending on your specific needs, you can select from two categories of third-party partner apps:
eDiscovery apps extract messages and files from Slack, storing this information in external applications. These apps allow for the searching, archiving, and collection of messages and files.
- Data Loss Prevention (DLP)
DLP apps safeguard sensitive information, such as social security numbers and credit card details, by preventing unauthorized sharing outside of Slack. They achieve this by scanning message and file content, ensuring compliance with predefined policies.
However, merely enabling the Discovery API is not a complete solution. For example, the API exports data in an incomprehensible JSON format, as illustrated above. If you need data in a different format, you must connect the Discovery API to a third-party eDiscovery solution.
As Slack’s eDiscovery partner, we know that deeper connections with Slack enable smoother collections. For instance, see how the Onna platform decodes that baffling JSON file:
What about legal holds?
In an Enterprise Grid organization, a Compliance Admin can place specific members under legal hold to preserve their messages and files in Slack. To create a legal hold, you can choose to include data from all conversations or only direct messages involving the member.
Accessing the data under legal hold is possible through an export or by utilizing the Discovery API. Be aware that if a channel included in the hold is deleted, the message and file data will not be preserved. Legal holds exclude messages and files from Slack Connect channels and direct messages.
The bottom line
As Slack's workflows and integrations continue to evolve, the complexity of its data also increases. To simplify your data collection process from Slack, follow these two essential steps:
- Use Slack’s Discovery API to access extensive data sets.
- Select a reliable eDiscovery solution to help you search the data set, identify relevant information, and export it for review.
By understanding your Slack plan and leveraging the potential of Slack's Discovery API, you can streamline data collection from Slack. Collaborate with an IT expert or team up with a specialized eDiscovery provider like Onna to evaluate your requirements and guide you to success.