How to Conduct Slack eDiscovery—Without Enterprise Grid

How to Conduct Slack eDiscovery—Without Enterprise Grid

In today’s era of eDiscovery, one of the most tantalizing mysteries lies behind the phrase “(edited)”. That’s the message the enterprise collaboration software Slack appends to any communication that has been, well, edited.

Over the past years, Slack has become a favorite tool in the SaaS grab bag for modern workplaces, and in light of its recent $27.7 purchase by Salesforce, it’s more relevant than ever. In fact, over three-quarters of all Fortune 500 companies utilize the channel-based messaging platform, which boasts over 12 million daily users. And while a Searchable Log of All Communication and Knowledge can provide an avalanche of benefits to any company, Slack’s data has begun to show up in the courtroom, as often candid evidence for litigators who know how to find it.

Slack eDiscovery presents a mouthwatering opportunity for attorneys. When utilized in discovery, Slack data can be some of the richest and most revealing information out there.

“If a producing party isn’t on Slack’s Enterprise Grid, they won't have access to Slack’s Discovery API. But that doesn’t mean they can’t collect and review Slack data.”

Consider that a single workspace can generate thousands of messages, notifications, and documents every day. And while individual users have the power to edit and delete their own messages, Slack keeps a permanent record of that information. So even though users in the channel can only see the most recent version of a particular message—along with the tag “(edited)”— all previous iterations of that message can be produced in discovery by way of a Slack data export. That could end up unveiling the smoking gun you’re looking for.

This example barely scratches the surface. The art of Slack eDiscovery can unearth some valuable gems, but it requires you to navigate a host of unique obstacles. For instance, if a producing party isn’t on Slack’s Enterprise Grid plan (Slack’s highest-priced tier), they will not have access to Slack’s eDiscovery API. But that doesn’t mean they can collect and review Slack data.

Here’s how to conduct Slack eDiscovery in such cases.

How Slack’s Plan Type’s Impact Access for eDiscovery

Slack currently has four different plans. In order from cheapest to most expensive, those plans are: Free, Standard, Plus, and Enterprise Grid. There are a host of different features that vary based on the plan type, but for the purpose of conducting eDiscovery, these are the main differences to consider.

Retention Settings: Determining What Data Is Available

The default setting on Slack is to retain everything forever. For free users, that can’t be changed. However, Standard, Plus, and Enterprise Grid plans allow workspace owners to customize data retention settings, meaning they can make it so that messages and files are automatically deleted after a certain number of days.

Retention settings can be set across a company, across individual workspaces, or by channel. Owners can even let individual users set their own retention policies.

Data Exports: What You Can Export, By Plan Type

All admins (i.e. Workspace Owners and Org Owners) can freely export data from all public channels. But for most Slack accounts, that data will not include private messages between users, communications sent in private channels, or deletion and edit logs.

Outside of Enterprise Grid users, only customers on the Plus plan can apply for access to the Slack tool that allows them to freely export data from private channels and direct messages.

Free and Standard users can still obtain data from these other channels, but they must contact Slack directly and prove their request is part of a valid legal process in order to do so.

In addition to these restrictions, account owners and administrators have limited control over what is included in their export, allowing you to limit data exports by date range and little more. For most users, an export will include all available workspace data over a selected time frame.

"For most users, an export will include all available workspace data over a selected time frame."

For example, if a producing party is on the free Slack tier, they will be able to easily export data from public channels, limited by date range. But all public data will be exported.

So, how do you actually get the data once you need it?

To initiate an export, have the account owner or workspace administrator visit their workspace settings, then select “Import/Export Data” in the top right. From there, they can select the data range of data to be exported.

If data from private channels and direct messages is needed but not easily available due to plan type, contact Slack directly with documentation showing either valid legal process, or consent of members, or a requirement or right under applicable laws.

How to Review Slack Data in Investigations and eDiscovery

Standard Slack exports arrive in the form of JSON (Javascript Object Notation) files. These files are delivered in a ZIP file and organized into folders, with each folder representing a channel in the workspace. Those folders or channels are further broken down into individual JSON files—one file for each day of messaging.

Not only are JSON files basically illegible on their own, but they come in batches of hundreds or potentially thousands. Tracking conversations across days or across channels, without the proper tool, would be nearly impossible for most users. Slack claims that “your engineering team will know what to do” with them, but that simply presents another arduous undertaking for you and your team.

Fortunately, there are a few platforms out there that are designed specifically to upload this data and render it in a format that’s easy to view. Logikcull goes a step further by making that data instantly searchable by keywords, custodians or users, date ranges, channels, or more. You can see it in action right here:

Slack data has made a grand entrance into the world of eDiscovery, and it’s not going away any time soon. Any attorney or team that’s not incorporating this information into their discovery strategy is missing a litany of key opportunities, but learning the ins and outs of this burgeoning process can put you firmly at the head of the pack.

4,500+ legal professionals love our newsletter, where they get the latest tech and discovery news, case law, best practices, and more!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Follow Logikcull on social media

Logikcull + MS365

Logikcull integrates seamlessly with Office 365 for incredibly fast, always reliable cloud-to-cloud eDiscovery.

logikcull + ms365

Related articles

New in Logikcull: Slash Your Review Set 25% With Inclusive Email Detection
New in Logikcull: Self-Serve Archiving, Even Easier Legal Holds, Database Import Detection, and More!
eDiscovery Data Migration: The Easiest, Fastest, and Most Secure Way To Do It