Use Workplace from Meta to unlock the voice of your employees. Join the webinar to learn how. →

SOLUTIONS

For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance


For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →

Integrations

Connect Aware to the tools you already use to have all your company messaging in one place.

LEARN MORE →
Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications
Flashlight

Signal

Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →
Chat_Search

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →
file_lock

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →
Growth

Spotlight

Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →
AWR-2022-HBRA-LandingPage-Visual

What's in your data?

Calculate my results →

Company

About Aware

Our leadership, our company

Careers

Explore open roles with our remote-friendly, global team

Partners

Driving customer value, together

Press Releases

Digital workplace news and insights

Customers

How Aware customers streamline operations, reduce risk, and boost productivity

Security

Data security partners & certifications

Contact

Get in touch with us

Aware-BPW-Company-Nav

10 Reasons Why Aware is a Top Place to Work

Learn more →

Resources

Access reports, webinars, checklists and more.

Explore →

Blog

Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →
Menu

Data Retention Policies for Slack

by Aware

What Workspace Admins Need to Know

Data backup is a crucial aspect of organizational governance in the modern digital workplace. The rise of collaborative platforms like Slack has revolutionized communication within businesses. However, managing data within these platforms is a nuanced task, requiring a deep understanding of data retention policies, compliance, and associated risks.

Contents

Why do data retention policies matter?

The digital transformation brought with it an unprecedented influx of data, and not all of it holds equal value to the enterprise. Data retention policies enable organizations to assign value to their information, allowing for informed decisions on what to preserve and what to purge.

Robust data retention policies can also help businesses to meet regulatory obligations to retain or purge sensitive information. For example, in the United States, the Securities and Exchange Commission requires financial institutions to retain certain types of data for a period of seven years. Understanding the data you hold is fundamental to this process, especially for businesses in highly regulated industries or those who routinely handle sensitive or restricted information.

Retention policies are a critical first step in any compliance or data loss prevention workflow, and supports additional functions for teams across the organization, including eDiscovery and other legal processes.

Do data retention requirements apply to Slack?

Regulatory bodies such as the SEC and FINRA have made it clear through fines and penalties that retention periods for highly regulated businesses apply equally to all forms of corporate communications, including collaboration tools like Slack. New rules such as SEC 17a-4 further clarify this position and affirm that covered entities must have a proactive solution in place to capture a complete record of all electronic communications, wherever they occur.

 

What risks live in Slack data?

Every business handles some forms of sensitive data, and that information is inevitably shared within collaboration tools like Slack. Some of the most common types of sensitive data shared in Slack include personally identifiable information (PII), protected health information (PHI), and payment card information (PCI). Aware research shows that 1 in 17 Slack messages contains sensitive data like PII. Without a plan to identify and secure this data, it could be compromised by hackers or other malicious actors.

Slack Data Risks by the Numbers

We analyzed 6.6B Slack messages. Discover what we learned

Go Now

Further, Aware analysis shows that users often share company-sensitive data on Slack. One organization used Aware to identify over 20,000 instances of customer credit card numbers being shared in collaboration tools. This put the business at risk of action from the PCI Standards Council (PCI SSC), with fines for violations reaching up to $100,000 per month.

It isn’t just regulated data that can create risk for enterprises, however. Corporate secrets, IP, and even interpersonal conflict all exist within messaging tools like Slack and can leave the business open to financial losses and legal action. Managing data retention in Slack requires understanding and mitigating these liabilities as well.

Does Slack retain data by default?

Yes, Slack will retain all user data for the lifetime of the account according to its default settings unless otherwise instructed. However, that does not mean all data is immediately accessible to Slack administrators. Workspace admins of lower-tier accounts will often have to petition Slack to gain access of user data from private and restricted Slack channels, or that is more than 90 days old. Before granting this request, Slack requires a compelling legal reason and may notify users if their data is passed to administrators.

Slack data retention options by account type

 

Free Plans

Pro

Business+ & Enterprise Grid

Retain all messages (no revisions)

X

X

X

Retain all messages (with revisions)

 

X

X

Delete after 90 days

X

 

 

Delete after custom time

 

X

X

Member-level policies

 

X

X

Admin-level policies

 

 

X

 

Slack offers a number of customizable data retention options, depending on the plan. On the Free and Pro Slack plans, admins can choose to keep all messages and files indefinitely or to delete them after a set period of time. On the Plus and Enterprise Grid plans, admins can also choose to keep or delete messages and files based on channel type and other criteria. Slack users in paid plans also have the option to configure their own message retention settings for private channels and DMs, a feature known as Member Overrides. On Business+ and Enterprise Grid plans, workspace owners can also set customized message retention policies for individual channels (Admin Overrides).

To properly enforce retention policies throughout a Slack workspace and retain complete control of all the data it contains requires a Business+ or Enterprise Grid Slack plan, as these tiers support granular workspace settings for retention. To gain even more control over Slack data retention, administrators should consider deploying a third-party Slack retention tool such as Aware.

Aware-DataManagement-Retention

Get granular data retention for Slack from Aware

Learn More

Are deleted Slack messages recoverable?

No, deleted Slack messages are not recoverable by default. This is critical to note, because users (also known as custodians) can edit or delete their Slack messages at any time. Unless a data retention policy is in place that specifically captures revisions and deletions, these messages might be lost forever.

Should admins retain all Slack data?

Most Slack data is low quality and does not pose much risk to the enterprise by itself. However, preserving all this data can lead to increased risk exposure simply because of the volume in which it is created—last year, employees sent over 18 trillion messages in collaboration tools. This can make it harder for legal and compliance teams to find the “needle in the haystack” during internal reviews, investigations, and eDiscovery.

For businesses in highly regulated industries, regulations imposed by FINRA, the SEC and similar organizations often outline minimum retention policies required of all electronically stored information, including Slack data. Failure to comply with these requirements can lead to hefty fines and penalties. And even for businesses outside these industries, there are often data protection requirements to safeguard and secure sensitive information such as PII/PHI/PCI that must be addressed.

These competing demands on the organization—to both limit exposure in large datasets, and to fulfill regulatory obligations to preserve data—present new challenges to collaboration workspace owners. Aware’s AI data platform makes it faster and easier for admins to accurately assess their risk exposure in this dataset, enforce legal holds and retention settings that meet regulatory need, and make their data actionable.

Common Slack data retention challenges

  • Lack of visibility: Slack admins may not be able to see all messages that are shared in their workspace, especially if they are on the Free or Standard Slack plan.
  • Lack of control: Users can delete their own messages at any time, complicating data control.
  • Data sprawl: Slack data can be spread across public channels, private channels, direct messages, and files. This can make it difficult to manage and retain data effectively.
  • Regulatory compliance: Businesses must comply with a variety of message and file retention regulations, which can be complex and difficult to manage.
  • Integration issues: Understanding how third-party apps connected to Slack access and store data is fundamental to retaining control of sensitive information.

How Aware supports data retention for Slack

Aware simplifies data retention in complex collaboration datasets like Slack, supporting admins in properly evaluating the risk and value of the data they hold. Aware connects effortlessly to Slack via native APIs and webhooks to ingest a real-time record of all messages, including revisions, deletions, and secures them in a defensible, immutable archive. By enriching each message with AI-infused metadata, Aware enables admins and compliance and legal teams to quickly search, sort, and surface Slack messages to accelerate internal investigations and support regulatory compliance.

Aware’s smart workflow automations can detect instances of unauthorized sensitive and confidential information sharing within Slack using industry-leading natural language processing and sentiment analysis models that outperform all leading competitors. Using Aware, workspace administrators can take charge of their entire collaboration ecosystem from a single, centralized platform that puts granular data retention controls at their fingertips.

Take the first step today with search-ready Slack backup from Aware.

backup customer quote

Backup your Slack data today

Backup My Slack
Topics:Slack MessagingRecords Retention/Information Governance

Subscribe to Updates

AW_Logo-White
Platform
Integrations
Resources
Company
Legal
Do Not Sell My Information

455 S. Ludlow Street,
Columbus, OH 43215
2023 Inc._Best Workplaces - Standard Logo Reverse
Copyright © 2024 Nullable, Inc. All Rights Reserved.