Is your organization required to archive its communications to comply with the laws, rules, and regulations that govern your industry? If so, the shift to remote work and the new business communications technologies like Slack for at least some of your internal and potentially external business communications may present a fertile new channel for consideration.

The question is, do you need to archive the data you’re generating within Slack to maintain regulatory compliance? 

As aggravating as this will sound, it depends. 

Whether you’re obligated to archive the business communications in your organization’s Slack depends on something we can’t know while we’re writing this blog. Answering it requires asking two additional questions: 

• What regulatory standards is your organization subject to?
• What communications occur within your organization’s Slack platform? 

While it wouldn’t be realistic for us to tell you what to do without knowing the answers to those two questions, the good news is that all of these answers are within your reach. Here’s how to decide whether you need to archive Slack data for regulatory compliance. 

What Compliance Obligations Might Require You to Archive Slack Data? 

Any question about compliance always begs yet another question: compliance with what? 

The standards you’re required to comply with largely depend on your industry. Financial services companies are beholden to archiving standards set by FINRA (the Financial Industry Regulatory Authority) and the SEC (Securities and Exchange Commission). Companies that operate in the EU may be required to comply with its General Data Protection Regulation (GDPR). In contrast, California companies may be governed by the California Consumer Privacy Act (CCPA). Companies in all industries may have an obligation to archive information under the Federal Trade Commission (FTC) and its truth in advertising requirements. 

Think broadly about your compliance obligations and whether they’ve changed or might change soon. Are there new privacy standards that you should be prepared to fulfill? What data might you have previously overlooked that you should start to archive? 

What Conversations Are Happening in Your Slack Application?

What are people using Slack for within your organization? This second question is easy to brush past, but we urge you to dig a little deeper and investigate your Slack application before assuming you know the answer.  Your use of Slack may have started as a forum for business-related inquiries, only to gradually morph into a primarily social chat platform—or vice versa. 

Don’t rely on your memory or the last data survey you did, especially if you haven’t purposefully explored Slack since the onset of the pandemic. Is your human resources team using Slack to discuss or share potentially private personal data? Are your business units chatting about customer inquiries on Slack? Have brokers created Slack channels to communicate directly with customers? Are you using Slack Connect to have conversations with partners or outside vendors? With teams working remotely, have new communications moved onto Slack? Is your human resources team using Slack to discuss or share potentially private personal data? Are your business units chatting about customer inquiries on Slack? Have brokers created Slack channels to communicate directly with customers?

It’s helpful to compare Slack to other communication channels when thinking about compliance obligations. If you would be required to archive a conversation over email, then you’re also obligated to archive that conversation when it happens on Slack. 

Additionally, over the last few years, it’s become apparent that courts consider Slack data to be discoverable— and regulatory bodies will, too, if they don’t already. The expectation that companies will produce Slack data when regulators ask about it won’t be far behind. 

An Easy Way to Archive Slack Data

Once you’ve taken a fresh look at your compliance obligations and examined your Slack application for data that might fit within those standards, you’ll be able to answer—definitively—the question of whether you need to archive Slack data to maintain regulatory compliance. 

Of course, if you decide that you need to archive your Slack data, the next question is: how?

You may be tempted to leave data within Slack. After all, if you ever need it, it’ll be there, right? There are a few problems with that approach. First, if you’re on a free plan, you won’t be able to access anything beyond your most recent 10,000 messages—and you’d be surprised how fast an organization can generate 10,000 messages. You also need to ensure that individuals can’t delete or modify their Slack messages and that your data retention standards aren’t automatically deleting data that you’re obligated to retain. 

The bigger problem is that data trapped within Slack doesn’t do you any good when a regulatory agency asks you for it. Archiving for regulatory compliance doesn’t just require that you safely store data; it also demands that you produce specific data when requested. Utility deems that compliance teams can search for relevant data and export it in a commonly accessible format that presents full context.

[View source.]