If your organization uses Slack for business communications, how are you preserving Slack data for potential litigation?
Until this year, there was only one way to guarantee the preservation of Slack data: by collecting it to an external repository. Now, though, Slack has launched Slack Legal Hold, enabling in-place data preservation.
But how does Slack Legal Hold work? What should users watch out for? And what best practices do other ediscovery professionals recommend for managing Slack data?
We explored all of these questions in a recent Hanzo webinar, “Three Things You Need to Know About Slack’s New Legal Hold.” Moderated by Brad Harris, Hanzo’s VP of Product, the webinar featured Max Baez, Product Manager at Slack; Jessica Abud, the Manager of Corporate Litigation at IBM; and Will Anderson, Senior eDiscovery Analyst for Uber.
Here’s what we covered.
Challenges of Slack Ediscovery
Before discussing how to preserve Slack data, we set the stage with a predicate question: should a reasonable scope of discovery include Slack data? If it isn’t, there’s no obligation to safeguard that data, rendering tools like Slack Legal Hold unnecessary.
In the past, legal teams may have put off dealing with Slack ediscovery because no one was directly requesting Slack data. But bear in mind that ediscovery is constantly evolving to keep pace with changes in technology. The transition to remote and hybrid work has accelerated the use of collaboration tools such as Slack. Now, conversations about business issues may happen primarily over Slack instead of on email. With organizations increasingly conducting their business on Slack, it’s only a matter of time before Slack data is routinely requested and produced in ediscovery.
Unfortunately, there is another reason organizations have been slow to incorporate Slack data into their ediscovery workflows: it can be surprisingly tricky to work with. Slack data poses several challenges for ediscovery professionals, such as:
- an immense volume of data subject to limited—or no—information governance practices;
- casual, fragmented, and visual communications that are difficult to understand outside of their original context;
- dynamic data organization with threaded conversations, edits, and message deletions;
- complex data with numerous formats, application integrations, and attachments; and
- an export format that’s unwieldy at best and outright indecipherable at worst.
The advent of Slack Legal Hold and other preservation tools means that organizations can alleviate some of these challenges by implementing more stringent information governance practices for their Slack data.
How Does Slack Legal Hold Work?
We were lucky to have a Slack insider joining us for the webinar. Max Baez walked us through the basics of Slack’s new Legal Hold capability, which allows Enterprise Grid customers to place specific users on hold. The result is saving all of the messages and files from DM’s and channels that the custodian has been a member of, regardless of the organization’s general retention policy for those conversations. Max clarified that Slack’s holds are user (i.e., custodian-based), not channel-based, as well as some of the other limitations of Slack Legal Hold that are important to know.
Slack Legal Hold requires the designation of a new role, the compliance administrator, who is then authorized to initiate, edit, view, or release legal holds. Further, a compliance administrator can then view all current holds from the Slack Legal Hold dashboard, including the custodians on hold for each.
To create a hold, the compliance administrator must enter a name for the hold and assign at least one custodian to be placed on hold. Legal holds may or may not use a specific date range, although Max cautioned that a date range can not be modified once it is set for a hold.
Slack Legal Hold operates by suspending the organization’s retention policy for Slack data. When a hold is released, the retention policy again applies—and if the hold were retaining messages that have aged out of the organization’s retention policy, Slack would allow those messages to be deleted.
So, what did our other panelists have to say about Slack Legal Hold?
Best Practices and Key Takeaways for Slack Ediscovery
Jessica Abud underscored the importance of implementing a retention policy for Slack data. She described how her organization “discovered that we still had every chat from years ago when we first started using Slack.” The company responded by designing thoughtful retention policies.
“Companies need to think about how long they need to keep data and what purpose their data is serving,” she advised. Data that is no longer valuable to the company should be removed.
Will Anderson agreed that retention policies play an essential role in limiting data volume.
“Most channels are not going to be relevant to specific discovery requests, so being able to cull and exclude data from various channels is critical. Organizations should be mindful of how they’ve created and honed their retention policies so that they’re clear on what they need to preserve and what they don’t.”
Both Will and Jessica appreciated the flexibility and rapid responsiveness that Slack Legal Hold gives them in preserving Slack data broadly and collecting only as needed. As Jessica said, “Organizations can empower their ediscovery analysts to place a hold at the first moment that litigation is anticipated with the preserve-in-place function.” Once data is preserved in Slack, she recommended that ediscovery professionals work closely with counsel to limit collection, thereby avoiding the cost associated with exporting and reviewing extraneous Slack data.
If you’d like to learn more about the new Slack Legal Hold check out the webinar, which is available on demand. We cover all of these topics in more detail, including a few situations where collecting to preserve is a better strategy.