If your organization is using the collaboration application Slack—joining the ranks of its 10 million daily active users, including 65 companies on the Fortune 100—you might be surprised to learn just how much relevant business data is contained within its messages. From project discussions and client notes to interpersonal communications that might demonstrate a pattern of harassment (or, hopefully, not), Slack is packed with the internal chatter that used to occur primarily over email.
But how do you manage the data within Slack? What do you do with it? How long do you keep it, and how do you keep it? How do you maintain Slack messages that are potentially relevant to pending or likely litigation—and how do you access those messages for ediscovery review?
For information within Slack, as for other types of business information, you may feel like your data is the rope being yanked around in a game of tug-of-war between information governance and ediscovery.
Fortunately, there’s a way to extract value from your Slack data while minimizing the risks it poses—but you have to go outside Slack to find that solution.
Slack Is Full of Valuable—and Risky—Business Data
A large portion of the conversations that the people within your organization used to have over email have likely migrated over into Slack. And, as with email and its myriad attachments, not only is there raw information contained within individual Slack messages, but Slack also seamlessly incorporates a wide range of file attachments. What’s more, Slack allows integrations with a host of other apps, from document repositories like Google Drive, Microsoft OneDrive, and Box to project management tools such as Trello and Asana and even communication tools like Zoom.
Image credit: Slack
The bottom line is that there’s a plethora of data of all types hanging out in your Slack application. Some of that data has clear business value: it may show exactly how and when an intellectual property asset was developed or demonstrate an individual’s knowledge about a problem or a situation that’s relevant to an ongoing litigation matter. Other data—conversations about lunch, long-running jokes, or the back-and-forth negotiation of scheduling a meeting—has little or no value to the business (or, for that matter, to anyone else).
Similarly, the longevity of that value varies. Some data has an evergreen value, such as information about a study supporting the therapeutic benefits of a pharmaceutical product. Other data, such as information about an individual employee or document, has only a time-limited or short-term value.
At some point, all data—from the perpetually priceless to the irretrievably worthless—poses some level of risk. If nothing else, maintaining gigabytes and terabytes of low-value data needlessly drives up the cost of ediscovery.
This conflict between the value of data and the risks posed by that data sets up a tug-of-war between the goals of information governance, on the one hand, and ediscovery, on the other.
Balancing the Goals of Information Governance and Ediscovery Concerning Data’s Value and Risks
It’s an oversimplification, but the overarching goal of information governance is to get rid of data as soon as its purpose has been served and its value extracted. If ediscovery weren’t acting as a counterbalance, no data would be preserved once it had been analyzed and stripped of useful business knowledge. In the view of information governance, most data imposes unacceptable burdens, including the risk of security breaches and informational leaks, the time wasted organizing and searching through excessive amounts of data, and the cost of storage.
By contrast, ediscovery professionals err on the opposite side of the spectrum, preferring to preserve practically all data for practically forever. It’s true that the costs of data storage and ediscovery processing and review are indisputably linked to data volume, driving up costs for every additional gigabyte of data. But those who practice ediscovery find the risks of data loss or spoliation—and the attendant sanctions, which can range from monetary penalties to outright dismissal of a case or claim—to be higher.
To be clear, there are limits on what must be preserved in anticipation of litigation. Discovery only encompasses information related to reasonably anticipated claims, and the quantity of that information should be proportional to the value of the claims. Information that has been defensibly deleted before any trigger event occurs to initiate the duty to preserve is not subject to spoliation sanctions—though an organization may still have to defend its processes and explain when and why it deleted certain information. It’s enough to make ediscovery professionals gun-shy about data deletion.
And when we’re talking about Slack data, there’s an added complication: Slack data, unlike email data, is unstructured, making it difficult to access, scope, or review in the context of ediscovery. That’s why you need to have a dedicated playbook for managing ediscovery with enterprise Slack data.
So, how can you reap the value of the data your organization holds within Slack while effectively managing the risks of either keeping it too long or not keeping it long enough and inadvertently spoliating it? Do you pull too far to the data deletion side, getting rid of nearly everything and risking a spoliation claim, or do you keep nearly everything, driving up your data costs and especially your ediscovery review costs but minimizing the risk that you’ll accidentally delete something relevant to pending litigation?
This is where it can feel like your organization is playing a game of tug-of-war between information governance and the ediscovery team or the entire legal department—and your Slack data is the rope.
A Better Approach to Managing Slack Data
The thing is, Slack has created internal data-management tools that solved for the information governance problem. Slack now allows users to set a data retention period, after which messages are automatically deleted. This limits the risks of maintaining outdated data and manages data volumes. But that tool didn’t solve for the ediscovery problem at all. Slack still doesn’t support any targeted message-preservation efforts; you can either have data retention on, keeping all of your Slack messages, or you can have it off, deleting everything beyond your set time limit. To be clear, that’s not even a complaint about Slack—it’s been designed as a collaboration tool, not an ediscovery or information governance tool. It’s a simple fact that no tool does everything—you can have a perfectly good Dremel multi-tool that’s great for cutting and grinding and polishing, but that doesn’t make it a good hammer.
That’s why we designed a specialized technology, Hanzo Hold, that allows users to implement legal holds and preserve potentially relevant data outside of Slack, in a separately maintained archive. With your discoverable data safely secured, you can set your data-retention period to whatever you choose, managing the risk of maintaining outdated information without running afoul of ediscovery obligations.
Don’t ask a collaboration tool to do the job of an ediscovery tool. Stop the tug-of-war between information governance and ediscovery with Hanzo Hold.