Lawyers are accustomed to slow, gradual changes that unfold over months, years, or even decades. Since our legal system depends on court precedents and democratic mechanisms for regulatory and legislative change, we typically have abundant warnings before implementing anything new.
Of course, global pandemics don’t care much about the standard procedure. So, the shift to working from home in early 2020 was conceived, designed, and executed in mere days, and we’ve all been playing catch-up ever since.
One of the main changes necessitated by remote work was the rise in collaboration and communication apps like Slack. These apps, while already popular, suddenly became a critical part of organizational infrastructure. Companies have embraced Slack and similar technologies to keep their dispersed teams connected and coordinated. With the rush in finding new ways to work, many companies have skipped over their usual processes. As a result, companies may not have incorporated these new data sources into their ediscovery and information governance playbooks yet.
Just in time for Halloween, this blog explains why you need to treat Slack data like any other discoverable information—and sets out a few spooky situations that can result if you don’t.
WHAT MAKES INFORMATION POTENTIALLY DISCOVERABLE?
Rule 26(b)(1) of the Federal Rules of Civil Procedure (FRCP) defines the scope of discovery, which includes “any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case.” The Rule further notes that information can be discoverable even if it will not ultimately be admissible in evidence.
Lawyers originally approached discovery as an exchange of paper documents. However, for the last 20 years, discovery has been mostly electronic (hence “ediscovery”), involving what is known as electronically stored information, or ESI. As long ago as 1995, Magistrate Judge Andrew J. Peck famously declared, “It is black letter law that computerized data is discoverable if relevant.” Anti-Monopoly, Inc. v. Hasbro, Inc., No. 94 Civ. 2120, 1995 WL 649934, at *2 (S.D.N.Y Nov. 3, 1995).
We’ve reviewed the requirements of relevance and proportionality on this blog before. Today’s key takeaway is that the rules don’t draw distinctions between different types of information in deciding what is discoverable.
Therefore, if there are exchanges within Slack that would be relevant to the claims or defenses of a dispute, and if you cannot demonstrate that their production would be disproportional given the size and nature of the dispute, you have an obligation to preserve, review, and produce that information to a requesting party. The possibilities here are endless, given how much people use Slack. For example, suppose you’re notified that a former employee is considering pursuing a workplace harassment claim. Slack messages from that employee’s supervisor could be highly relevant to showing how the supervisor treats similarly situated employees. Or say your company believes that a departed employee has misappropriated trade secrets about the formulation of a chemical compound, but the employee claims to have created it independently. Slack messages from that employee’s team about the development of that compound could be dispositive.
What happens if you don’t figure out how to preserve that potentially discoverable information in your company’s collaboration application?
SPOOKY SPOLIATION SCENARIOS
FRCP 37(e) provides penalties for the destruction of ESI, otherwise known as spoliation. Spoliation describes the specific situation where relevant ESI should have been preserved for litigation but instead has been irretrievably—and irreplaceably—lost due to some failure to “take reasonable steps to preserve” that information. When the court finds that spoliation has occurred, it can impose a variety of penalties. Those penalties range from curative measures to jury instructions about the missing information or even, in egregious cases, dismissal of the action (for a spoliating plaintiff) or a default judgment.
Here’s how this plays out in the real world. Take, for example, the relatively recent case of John v. County of Lake, 18-cv-06935-WHA(SK) (N.D. Cal. July 3, 2020). There, the Magistrate Judge recommended harsh sanctions for the individual defendants’ blatant and intentional destruction of emails and text messages. Notably, in this case, the defendants lied directly to the court during their earlier testimony, claiming under oath that they did not communicate about the subject of the lawsuit via text message or on their mobile phones.
But the truth has a way of coming out—and indeed, the court later learned that there had been numerous text, cell phone, and email communications between the defendants that would have been relevant but for the fact that they had been deleted. This destruction of ESI prejudiced the plaintiffs, leading the magistrate to recommend that the jury be advised about the existence of the messages as well as the manner in which they came to be destroyed. While John is about emails and text messages, there’s no reason its logic—and its penalties—wouldn’t apply equally to the destruction of Slack messages.
Or consider the hypothetical example we set out in this article. While that example was based on a real news story and not (to our knowledge) any actual litigation, it isn’t much of a stretch to imagine a scenario in which a company could be accused of failing to preserve its CEO’s Slack messages.
And whether that failure to preserve is downright nefarious, as in John, or merely negligent or accidental, spoliation can have seriously scary consequences. Sure, litigants can be sanctioned for allowing the destruction of information, but that may not be the worst thing that could happen. It’s entirely possible that the loss of internal Slack information could leave a litigant unable to establish its own claims or defenses, resulting in a loss when there should have been an easy victory.
AVOIDING THE RISK OF SPOLIATION
If your company is using Slack to manage employee communications during the coronavirus pandemic but you haven’t yet figured out how to preserve the potentially relevant and discoverable information within it, don’t wait another moment. Follow these five steps to get started.
1) UPGRADE TO A PAID SLACK PLAN SO YOU HAVE CONTROL OVER YOUR DATA.
If your organization is using the free version of Slack, you may have noticed that you can only see and access the most recent 10,000 messages (and you’d be surprised how quickly a remote workforce can get to 10,000 messages!). The free version also doesn’t provide any information management tools. By upgrading to a paid plan—we recommend Slack Enterprise Grid—you’ll have much greater control over your data. You’ll also have access to the Slack Discovery API.
2) COORDINATE WITH IT.
Does your IT department know what collaboration platforms your organization is using? This has become a particularly sticky wicket now that many employees are working from home. Shadow IT can create huge spoliation issues for companies; when IT doesn’t know what applications are in use or where employees are generating data, they simply can’t account for that data. That impairs information governance, litigation holds for ediscovery, and regulatory record-retention requirements. Make sure IT knows what you’re doing with Slack and has input on how you manage Slack data.
3) ESTABLISH CLEAR POLICIES ABOUT SLACK COMMUNICATION AND TRAIN STAFF ON THOSE POLICIES.
What’s your Slack policy? Have you reminded employees lately that their Slack messages—both in channels and in seemingly private direct messages—can create obligations for the company when it comes to regulatory and litigation actions? Be sure you’ve spelled out clear and understandable policies around how employees can and should use Slack. And you should review your retention practices, including ensuring edited and deleted messages are being preserved when required for discovery.
4) PLAN FOR LEGAL HOLDS AND THE DEFENSIBLE DELETION OF NON-DISCOVERABLE INFORMATION.
Information within Slack should be managed in the same way as other organizational data. If you have a standard schedule for record retention and deletion of business communications—and you should—you probably want to align your Slack data with that same schedule. Before you do, though, be sure you have a mechanism in place to preserve data that may be subject to a legal hold or regulatory retention requirement.
5) IDENTIFY AND IMPLEMENT A DEDICATED SLACK SOLUTION.
Slack data is unique, and it presents unique challenges for preservation, collection, and review. Most standard ediscovery tools aren’t prepared to extract Slack data in a meaningful or easily reviewed format. If Slack is a significant source of internal communications at your organization, you’re going to need a solution that’s designed to manage Slack’s JSON exports.