SOLUTIONS

For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance


For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →

Integrations

Connect Aware to the tools you already use to have all your company messaging in one place.

LEARN MORE →
Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications
Flashlight

Signal

Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →
Chat_Search

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →
file_lock

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →
Growth

Spotlight

Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →
AWR-2022-HBRA-LandingPage-Visual

What's in your data?

Calculate my results →

Company

About Aware

Our leadership, our company

Careers

Explore open roles with our remote-friendly, global team

Partners

Driving customer value, together

Press Releases

Digital workplace news and insights

Customers

How Aware customers streamline operations, reduce risk, and boost productivity

Security

Data security partners & certifications

Contact

Get in touch with us

Aware-BPW-Company-Nav

10 Reasons Why Aware is a Top Place to Work

Learn more →

Resources

Access reports, webinars, checklists and more.

Explore →

Blog

Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →
Menu

How to Create and Edit Legal Holds for Slack

by Aware

The ability to preserve and retain data in collaboration tools like Slack is essential for organizations responding to legal actions or performing early case assessment. In this article, we review how to perform legal holds in Slack and how to create policies that support search and eDiscovery in this complex data set.

Contents

 

What is a Slack legal hold?

Over three-quarters of the Fortune 100 use Slack and need the ability to collect data and perform legal holds in the platform. The legal hold process may require legal officers to preserve Slack data, export data from a channel, or open an investigation on shared channels. Data preservation is also essential for compliance purposes, especially in highly regulated industries. Companies performing internal investigations of employee conduct may also find legal holds valuable.

Legal holds in Slack preserve messages between users in an immutable way to secure evidence. Legal holds retain many attributes of Slack messages, including:

  • Participants in conversations
  • Timestamps
  • Contents of conversations
  • Any edits or deletions that have been performed
  • File sharing between custodians
  • Sensitive data sharing
  • Employee conduct through messaging

Failure to implement and comply with legal hold requirements can mean serious consequences, including spoliation, evidentiary and financial sanctions, and even adverse judgments.

information governance for slack

Webinar: Your information governance checklist for enterprise collaboration

The legal hold feature is available to Slack Enterprise Grid customers, allowing administrators and legal teams to place legal holds on select Slack channels, messages, users, and files to ensure data preservation that custodians cannot alter or delete. Through Slack legal holds, organizations develop and maintain a defensible process for protecting ESI in the event of litigation, audits, or regulatory compliance procedures.

What happens when you create a legal hold for Slack?

Messages, files, or other data from Slack associated with legal holds are preserved in an immutable archive—including edits and deletions—and become available as JSON files for litigation procedures, audits, and investigations.

Once the legal hold is placed, it overrides active data retention and deletion policies. Only if and when the hold is released will that data be repositioned for deletion.

Organizations that use Slack plans below the Enterprise Grid level, or that need legal holds preserving file data beyond Slack and from other collaboration tools, will need to use a third-party eDiscovery solution.

How do you create a legal hold for Slack?

To create a legal hold from Slack data, perform the following steps:

  1. Legal Hold Settings—Log in to your Slack workspace and click on your name in the sidebar. Select “Tools & Settings” and navigate to “Organization Settings.”
  2. Security­—In the left sidebar, click “Security,” and then select, “Legal Holds.”
  3. Create the Legal Hold—Click the “Create Legal Hold” button to begin. Name the hold to match your organization’s naming conventions and provide an optional description.
  4. Choose Conversations—Select the messages and files from all conversations the custodians are part of, or just the direct messages. This is also where you’d opt for a date range if you have one.
  5. Add Custodians—Click “Add Custodians” to choose specific Slack users for the exact data you’d like to preserve according to your legal hold’s parameters. Each legal hold is limited to 1,000 custodians. If necessary, create multiple legal holds.
  6. Save the Legal Hold—After configuring the settings to your parameters, click “Save” and the new legal hold is in place.

How do you create a canvas retention or file retention policy in Slack?

In addition to text, images, and gifs, Slack users can also share files or work directly in Slack using canvas, a tool that provides a central location to store content within each channel and message set. Both files and canvas documents may also need to be retained during legal holds, although the capabilities of doing so vary depending on account tier.

To perform file or canvas retention in Slack:

  1. Click on the workspace name in the top left of the Slack homepage.
  2. Select “Settings & Administration” or “Organization Settings” in the menu.
  3. Choose “Messages and Files” or “File Retention and Deletion.”

Once in the file retention section, there are differing options based on your Slack subscription level.

Slack Free Users can:

  • Keep files for up to one year, after which they are purged by Slack.
  • Keep all files for 90 days, after which Slack will permanently delete them, including those shared from third-party apps.

Slack Pro, Business+, and Enterprise Grid subscribers can:

  • Keep all files indefinitely, including deleted files, for the lifetime of the workspace.
  • Keep all files for a specified number of days, after which they are permanently deleted.
  • Customized file retention settings. Enterprise Grid subscribers can custom file retention policies at the organization-wide or workspace-wide level.

No matter the file retention settings, deleted files and canvas documents may still be accessible directly from Slack even if they’re removed completely from the workspace.

How do you edit or release a Slack legal hold?

There are limitations to how a legal hold can be edited. Certain edits may be performed, such as adding custodians to an existing hold, but in some cases, you may need to create a new hold.

To edit a legal hold:

  • Click your workspace name in the sidebar on the home screen.
  • Under “Tools & Settings,” click on “Organization Settings.”
  • Click “Security,” and then select “Legal Holds.”
  • Click the three dots icon next to the legal hold you’d like to edit.
  • Select “Edit details” to make changes, such as the name of the hold, description, or custodians.

What you may not change are the date range or conversations or channels included in the hold. For those edits, you’d need a new legal hold.

To release an existing legal hold:

  • Click your workspace name in the sidebar.
  • Under “Tools & Settings” click on “Organization Settings.”
  • Click “Security” and then select “Legal Holds.”
  • Select the three dots icon beside the legal hold you’d like to release.
  • Select “Release” to stop preserving data under that legal hold.

Once the legal hold is released, normal retention policies resume.

To reactivate a legal hold, simply return to the three dots icon beside a released legal hold and select “Activate.” The legal hold will resume.

What are the drawbacks of using legal holds in Slack?

Slack users may run into challenges with legal holds and the eDiscovery process.

First, legal holds are only an option for Enterprise Grid customers, the most expensive paid plan. Lower tiers only have file retention policy options.

Data volume is the next big challenge. As of 2019, Slack had 12 million active users. When 100 employees send more than 34,000 messages a month, you can imagine how much data volume that creates. Storing data at this level can be a costly undertaking.

Despite the mandate that legal holds preserve data in its entirety, there are gaps. Slack’s legal holds do not include Slack Connect channels or from direct messages with external users, meaning Legal officers may miss important information and conversations.

Slack’s legal holds preserve data in place, but analyzing the data is not so simple. The data is exported into complex JSON file formats, which are difficult to parse and understand.

Legal holds are meant to preserve evidence during eDiscovery and litigation proceedings, but even with a hold in place, there’s the potential for data spoliation. Slack users, depending on their admin settings, can still delete entire channels, which can mean data loss. Additionally, with Slack Connect, where two organizations collaborate through the platform, there’s a question of data ownership. If one organization places the legal hold, and the other’s data retention policies select some of the files for deletion, the legal hold will only preserve the first organization’s data. The conversation will appear one-sided. Both org owners must place legal holds over the data to properly preserve it.

whitepaper slack risk management

Whitepaper: How to mitigate data risks in Slack

How to create a companywide Slack policy that aids eDiscovery

To avoid employees using Slack in an ad-hoc way that creates data silos or otherwise makes data preservation difficult, establish clear Slack usage policies. This will make eDiscovery, legal holds, and compliance audit logs much easier to set up.

Guidelines for creating a Slack acceptable use policy

First, lay out your ground rules for when to use Slack versus other communication platforms. It’s also a good idea to specify when communications are better as DMs and when public channels are preferred.

Consider data access, permissions, and preservation wherever possible. Be clear where the organization can and will oversee Slack conversations and content for legal, compliance, and investigative purposes. Also, outline data retention and deletion schedules and how they’ll affect Slack usage.

When it comes to compliance and governance, include guidelines on sharing sensitive and confidential information. If your organization is highly regulated, be sure your employees have the tools necessary to perform their duties without jeopardizing sensitive data by sharing it inappropriately in Slack. For those overseeing Slack, specify their roles and responsibilities, including who can configure settings and manage members.

Read more: 6 critical digital workplace risks and how to overcome them

With training and enforcement in mind, give all employees thorough and proper training on Slack acceptable use policies. Ensure your Slack environment remains aligned with company policies through training updates and policy enforcement.

These measures allow organizations to fulfill data preservation needs for eDiscovery and compliance regulations with fewer pain points.

Streamline data preservation for Slack with Aware

For those areas where Slack’s eDiscovery is still difficult or less user-friendly, Aware can help. Aware is the only Slack vendor approved for eDiscovery and data loss prevention, and a GovSlack trusted partner capable of delivering on legal, compliance, and regulatory requirements.

Aware provides federated search, archiving, compliance monitoring, and people insights using proprietary natural language processing (NLP) and machine learning models that analyze Slack messages in real time. With Aware, your organization can:

  • Place one-click legal holds and preserve data for eDiscovery and investigations.
  • Prevent data spoliation thanks to real-time data ingestion that collects a complete record of all data, retaining context as well as preventing editing/deletion.
  • Save time—searches take minutes, not hours or days, thanks to real-time data and custodian-based batch collection.
  • Search the data more accurately and thoroughly with filters that make the information easily discoverable.
  • Maintain complete control over privileged data with features like audit trails, role-based access, and message visibility controls.
  • Integrate with your existing Slack platform and other legal workflows using Aware’s user-friendly and compatible interface and centralized dashboard.
  • Set Aware’s customizable and granular retention policies for different platforms and data types as well as different sets of people and channels specific to legal or compliance as needed.

Aware makes file retention for compliance easier without making highly regulated employees feel excluded. Read the case study to learn more.

With Aware, legal officers can perform faster, more effective eDiscovery and legal holds in Slack. Contact us today to learn more.

Aware demo request

Topics:Slack Messaging