Overcoming ediscovery and compliance challenges: How to Defensibly Collect and Preserve Enterprise Slack Data

September 25 2018


Slack is the new email

Slack has become a massively important workplace collaboration tool that millions are using. We complained about email for years. Slack has answered that complaint and has successfully lured many people off email with its intuitive design, designated communications channels, and very strong integrations that help facilitate collaboration and targeted conversations. As a result, organizations of all sizes navigated to it and Slack became a $1B company in less than two years, which is unheard of in most cases. But that also created a problem.

What’s the problem?

If so much of a company’s internal data that needs to be recorded for compliance or for eDiscovery purposes is on Slack, then your organization needs a well-thought-out plan to collect and preserve that data, the same way organizations do with email or other repositories of electronically stored information (ESI). Slack, however, as with many new collaboration applications, is challenging to collect and preserve. The main use case of the application is, after all, communication and collaboration. Maturity in extracting data in a user-friendly format is often not at the forefront of the development roadmap. This means organizations need a plan for managing the data and also solutions to defensibly collect and preserve their Slack data.

Learn more about the challenges Slack poses for ediscovery and how to overcome them in this on-demand webinar we presented in tandem with Zapproved.




Gut reaction: Ok, our organization just won’t use Slack!

Not so fast! While organizations often try to avoid a Slack rabbit hole by dictating “no critical business communications shall occur in Slack,” this is usually a losing proposition. Sorry to break this to you, but people are going to go with the flow. If they’re already working in Slack, they may share something business-critical in there, even if it’s not approved. If we’re being realistic, exactly how often does a corporate edict to over 1,000 people truly work?

You simply can’t dictate/policy your way out of Slack. Full stop. You will lose. So... back to that plan we were referring to previously. Time to start mapping things out. Take heart though, you’re not alone. It’s not uncommon for organizations to not have a mature playbook to refer to when they need to work with Slack data for ediscovery and compliance.

Common Slack eDiscovery and Compliance Challenges

The ease of sharing docs, links, and videos and discussing them across the various channels and groups entices people to use Slack a lot. As a result, Slack produces massive quantities of data. At large enterprises, collecting Slack is a little like being asked to collect the ocean, so narrowing down what to collect becomes critical. Additionally, Slack is not a single document with its attachments together; it’s a dynamic form of information. Re-creating and expanding the comments and connecting the links to outside content continues to be a formidable challenge when dealing with Slack for ediscovery and compliance. And, just as with social media, the ability to delete or modify posted content can create serious problems for organizations trying to preserve evidence.

Include Slack as an official data source for compliance and ediscovery

Due to its relative newness, it’s not uncommon for organizations to overlook Slack in traditional preservation processes. This, however, could cause you to miss out on a treasure trove of discoverable data. Ensure that your legal, risk, compliance, IT, HR and marketing departments fully understand the tool, where the data resides, and how to get the data out, should it be needed for compliance or ediscovery processes.

Ensure that you have Slack Enterprise Grid, which will give you the best options for extracting Slack data. Include Slack as an official data source, establish clear usage policies, and make sure that employees know what the policies are and acknowledge that they will abide by them. Just as your legal hold notifications include emails, documents and other file shares, Slack now needs to be added as a data source and included in the custodian questionnaire within the legal hold process.

How to narrow your focus on Slack data so you know what to collect

But how do you identify relevant Slack data? Including Slack as a data source in your legal hold custodian questionnaires can help. There are channels, groups, and direct messages. Custodian responses can shine a light on where to look and help you understand where your custodians are having conversations, whether it be in channels or direct messages.

How to collect from Slack

We’ve heard this frustration from customers. To quote Ralph Wiggum of The Simpsons, collecting from Slack is “unpossible.” Of course, it’s not impossible, but it’s wise to get knowledgeable help.

Use and understand Slack Enterprise Grid

Slack Enterprise Grid is the top subscriber tier of Slack. Most large organizations use this.

The first tier of Enterprise is “Teams,” i.e. Sales, Marketing, Operations, etc. Within your subscriber account, then, understand there are multiple teams to pull data from.

Within teams, there are:

  • Channels
  • Groups
  • Direct Messages
  • Files
  • Users


All five can be treated a bit differently.

1) Channels are public channels — users can go in, read, contribute, etc.

2) Groups are channels but restricted in terms of who can join (generally they need to be invited). A group is akin to a private channel.

3) Direct messages are channels as well, but also private. They can range from just yourself to many, many people.

4) Files are downloads, documents, screen captures, etc.

5) Users are the sum total of users within your account.

It can be challenging to put all these pieces together and gain visibility around what type of business records are being created or stored. This can mean you need to take inventory to help understand the framework of the Slack data you have within your organization.

Do an Inventory Crawl

An inventory crawl goes through the Slack API at the Enterprise level and breaks down all the factors mentioned above — what teams do you have? What channels? Who is a part of direct messages?

When you combine inventory crawls with hold notices and custodian questionnaires, you have a good start on what to filter for and what to collect.

Taking an inventory of your Slack also helps you identify additional possible custodians and channels of interest.

Context is critical

Once you identify relevant data, you need “the whole story” around the subject. Slack is unique in terms of how people are communicating there, so the context behind the conversations is crucial from a legally defensible standpoint.

Slack itself offers a download for compliance purposes, but it comes in a JSON file. If you have programmers on your team with a lot of free time (HA!), you can figure that out, but most organizations don’t have those resources readily available, making the quest for context difficult, if not “unpossible.”

You need a solution that takes the JSON data export and puts it into a native-like format that looks as similar as possible to the native Slack UI. This makes review much easier. The native-like rendering enables legal and compliance teams to import the information into their normal review process to glean insights from the contextual messages and quickly connect the dots.

Filter the data you capture

Filter by:

  • Users
  • Dates
  • Specific channels
  • Documents

There’s typically too much data in a given Slack Enterprise Grid instance to analyze all of it. A well-planned and well-executed legal hold process and a thorough inventory crawl give you the best insights into that data, helping your team target direct messages between key individuals and identify responsive records. Remember also that a natively formatted contextual rendering helps your team capture all of the information. The rendering shows the expanded view, including links and their destination content, delivering the most complete data, which can help speed review and lets you use your normal review and data analysis tools.
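To make the filtering and context points concrete, here is an added example (not Hanzo's or Slack's code) that filters export-style messages by user, channel and date, pulls in the rest of any matching thread, and renders readable lines. The sample data is constructed, and the field names (`user`, `ts`, `text`, `thread_ts`, `edited`, `files`) assume the message shape of a standard Slack JSON export.

```python
from datetime import datetime, timezone

# Constructed sample shaped like a standard Slack export: per-channel message
# arrays with "user", "ts", "text", optional "thread_ts", "edited", "files".
USERS = {"U01": "alice", "U02": "bob", "U03": "carol"}
EXPORT = {
    "deal-room": [
        {"user": "U01", "ts": "1537872000.000100", "text": "Draft term sheet attached",
         "files": [{"name": "termsheet.docx"}]},
        {"user": "U02", "ts": "1537872060.000200", "thread_ts": "1537872000.000100",
         "text": "Clause 4 looks off", "edited": {"user": "U02", "ts": "1537872100.000000"}},
        {"user": "U03", "ts": "1537958400.000300", "text": "Lunch?"},
    ],
    "random": [{"user": "U02", "ts": "1537872030.000400", "text": "Coffee machine is fixed"}],
}

def when(msg):
    """Slack "ts" values are epoch seconds with a uniqueness suffix."""
    return datetime.fromtimestamp(float(msg["ts"]), tz=timezone.utc)

def collect(export, users=None, channels=None, start=None, end=None):
    """Return (channel, message) pairs matching the filters, plus every other
    message in the same thread so reviewers see the whole conversation."""
    out = []
    for chan, msgs in export.items():
        if channels and chan not in channels:
            continue
        hits = [m for m in msgs
                if (not users or m["user"] in users)
                and (start is None or when(m) >= start)
                and (end is None or when(m) < end)]
        # A thread is keyed by its root message's ts; unthreaded messages key on themselves.
        roots = {m.get("thread_ts", m["ts"]) for m in hits}
        out += [(chan, m) for m in msgs if m.get("thread_ts", m["ts"]) in roots]
    return sorted(out, key=lambda cm: float(cm[1]["ts"]))

def render(collected, users):
    """One readable line per message: UTC time, channel, display name, text, flags."""
    lines = []
    for chan, m in collected:
        flags = " (edited)" if "edited" in m else ""
        flags += "".join(f" [file: {f['name']}]" for f in m.get("files", []))
        lines.append(f"{when(m):%Y-%m-%d %H:%M:%S}Z #{chan} "
                     f"{users.get(m['user'], m['user'])}: {m['text']}{flags}")
    return lines

if __name__ == "__main__":
    print("\n".join(render(collect(EXPORT, users={"U02"}, channels={"deal-room"}), USERS)))
```

Filtering on bob alone still returns alice's root message, because the reply is meaningless to a reviewer without the post it answers.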

Have questions?

We know you do! It’s OK!


Empowering Legal

We know preserving and collecting Slack isn’t easy, but we make it easier for enterprises.






