Most knowledge work these days demands some form of collaboration. You draft a document; your colleagues comment on it and make suggestions for how it could be better. You chat on Slack about how to incorporate those comments. You check off the task in your project management software and let your associate know that the project is ready for her to take over.
New solutions for collaboration are everywhere in modern business, including tools like Slack for communications, Jira and Basecamp for project management, and G-suite for sharing documents. Such tools are great for collaborating on work, but they’re not so great for ediscovery, regulatory compliance, and information governance. Here’s why.
WHY ARE COMPANIES USING SO MANY COLLABORATION APPS ANYWAY?
There are several reasons for the rise in collaborative platforms. First, these apps streamline and simplify communication. That can be especially important given the increase in remote work and dispersed teams. If you can’t stick your head into your colleague’s office to ask him a question, at least you can Slack him and get the same kind of quick, casual dialogue. Collaboration is also thought to improve innovation, leading to better ideas and better execution on those ideas. Then there’s the fact that the workplace is shifting toward Millennials, who have grown up with technology and expect to be able to communicate with anyone on their team, anywhere in the world, anytime.
Whatever the reasons, there’s no question that collaboration is the way to work: Slack, after years of meteoric growth, has (finally) slowed down, but it’s still grown by 37 percent since last year, reaching over 12 million daily active users. And the list of other collaboration platforms continues to explode, with new options hitting the market every day.
But as essential as these tools are in today’s workplace, they’re not perfect. While they enhance workflows and teamwork, they also create some pretty significant data management problems.
COLLABORATION PLATFORMS AREN’T DESIGNED FOR CORPORATE DATA MANAGEMENT
Here’s the thing: collaboration platforms create enormous, diverse, technically challenging data streams. They were designed around open communication, not legal or regulatory compliance. They often allow users to edit comments or delete entire entries. They’re not geared toward traditional record retention schedules or legal holds. They’re not easily slotted into existing information governance practices. Nor is the data they produce amenable to management in traditional ediscovery or compliance tools.
And with the rise of data privacy legislation like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA)—which requires companies to give consumers access to their own data within a tight time window—companies face increasing pressure to manage their data.
To be clear, we’re not criticizing collaboration app designers. You wouldn’t buy a Corvette if you needed to haul away a downed tree or pull a stump; you’d buy a pickup truck. (Or at least, a tool that is effective for this purpose.)
That said, here are the three main data management problems that collaboration apps cause.
Companies may not be retaining necessary data
What happens when you’re obligated to retain certain communications for regulatory compliance but those communications happened in a collaboration app? Where do they go? How do you capture them? Or suppose you become aware of a disgruntled employee or other potential litigation matter. You issue a legal hold for related data … but does that hold encompass communications that occurred in Slack or Trello?
Speaking of legal holds, how exactly do you define a legal hold in Slack? There are no clear “custodians” for data as there are in an email communication. Nor are communications about a single topic grouped together in any meaningful way. How exactly can you place specific relevant information on hold without holding entire channels?
This brings us to the next problem.
Companies aren’t defensibly deleting unnecessary data
When you might need to retain some of your data, but you can’t easily separate the relevant from the trivial, you might be tempted to just retain all of your data. Unfortunately, that’s not really a solution.
Indiscriminate data retention leads to tremendous data stores—which means that when you do finally get around to producing ediscovery or answering a regulatory inquiry with that information, you’ve got piles of data to sort through. The last thing you want is a review bill that dwarfs the value of the matter itself. In addition to having too much data to sort through, these data stores also increase the risk of keeping “smoking gun” evidence around long after it could have (and should have) been deleted.
But wait, there’s more!
Companies aren’t prepared to respond to data requests
At this point, data requests can come from anywhere. It might be a regulatory agency asking to see records related to a particular transaction or group of customers. It might be a litigant requesting production of documents about a cause of action. Or it might be an individual making a data subject access request under the GDPR or a consumer rights request under the CCPA.
Wherever the request comes from, companies need to be able to locate and produce relevant data quickly and efficiently. When it comes to data in collaboration apps, how will you find, preserve, export, review, and produce that information?
Many companies have taken the ostrich approach, burying their heads in the sand and ignoring data in collaboration apps. That might work for today, but it’s not a sustainable approach.
READY TO RECONCILE COLLABORATION AND DATA MANAGEMENT? START HERE
1) Determine what collaboration apps your organization is already using. Do you have policies in place regarding the implementation of new apps? What about policies governing what different apps can be used for (or can’t be used for)? Consider circulating your legal hold custodian questionnaire to several employees to see what tools they’re using to communicate with their teams about their work.
2) Study the way your employees are using the apps you’ve identified. If you have app use policies, are your employees following them, or are your policies inaccessible or too restrictive? What types of conversations are happening in which collaboration apps? Where does that data reside and who owns it? Is it accessible? Is it being retained, or is it periodically deleted?