How to Collect, Preserve, and Export Slack Data

An organization’s control over its Slack data is an important aspect of its information security posture, particularly with Slack changing the data retention period from indefinite to one year for the free subscription tier. Businesses need to preserve the workspace data in their collaboration tools for many reasons, including compliance, eDiscovery, litigation, internal investigations, audits, backups, or migrations to other platforms.

Slack’s import and export tools

Slack offers import and export tools for users of every subscription level, but there are restrictions based on account tier and applicable laws.

Slack importing capabilities

Importing into Slack is available to workspace owners on the Free, Pro, and Business+ Slack plans. It works for merging workspaces (public Slack channels only), importing CSV or text files, or exporting from certain third-party app integrations.

Slack exporting capabilities

Limitations

• Free and Pro plans cannot export private channels or direct messages without special permission.
• File contents are not included in exports, only links, except in rare instances.
• Exports from workspaces with Slack Connect channels only include files shared by members of your workspace.

The Process

Workspace owners and admins are the authorized Slack users who can initiate exports. For a full export, including private data sets, owners must apply to Slack support. Business+ and Enterprise Grid accounts can apply for a self-service tool to manage their own exports, while Pro and Free account owners must show valid legal process, member consent, or applicable law allowing a full export, which is then administered by Slack.

Users should be aware of the privacy laws and corporate policies that apply when exporting certain data sources, and that modifying export files before imports may cause issues.

Standard Slack exports: what’s included?

When an export is administered by Slack, or through the self-service tool for Business+ accounts, the following limitations apply:

Additionally, these exports cannot limit data sets to specific channels or users. That feature is only available for Enterprise Grid subscribers. Standard exports may result in larger exports due to this limitation and increase the time it takes to analyze the data. Granular control over exports is one of the Enterprise Grid subscription’s advantages.

For exporting private channels and direct messages, Business+ and Enterprise Grid plan users can export the data using the self-serve data tool, provided the reason for the export fits the following criteria:

• In response to legal processes
• Members have consented
• The company has a right to the data being exported under applicable law

Using the Slack Discovery API

Slack’s Discovery API is a powerful tool that allows customers to access and export comprehensive data from their Slack workspaces.

• It is available to Slack Enterprise Grid plan customers.
• The tool gives Slack admins the ability to export all Slack messages from public channels, private channels, direct messages, and files.
• Discovery API captures deleted messages and message edit history.
• Allows for targeted exports based on granular criteria, which supports DLP and Slack eDiscovery solutions.
• Single-user channels and conversations can be exported in TXT format.

Limitations

• Exports are in JSON format by default.
• Provides only links for downloading files, not the files themselves.
• Only files sent by members of the Enterprise Grid organization can be edited or deleted via the API.
• Export content is limited by workspace retention settings.

Overall, the Discovery API tool offers flexible data access when compared with standard exports.

What to know about exporting collaboration data from Slack

Data Retention Policies on Slack

Free plan users have data visibility for 90 days. Data up to one year old is still available but most be requested from Slack. Older data will no longer be retained (beginning in August 2024).

For all paid subscription plans, user data is retained for the lifetime of the workspace, although visibility of historical data may depend on Slack plan.

Customizable retention settings are available at all plan levels and can be set at the workspace, channel, or conversation level. Options include:

• Keeping data indefinitely.
• Purging data after a set number of days.

Enterprise Grid admins have more granular control over data retention policies, with the ability to set organization-wide rules and legal holds to preserve data for specific users.

Data retention is an important consideration for regulatory compliance, legal proceedings, risk management of sensitive data, information governance, business continuity, privacy, and cost management.

File retention can be set separately from message retention.

Roles and Permissions

Some Slack data exports are tier and role-dependent to further protect sensitive and personal data.

Retention Schedules

• Free plan: File links are available for 90 days.
• Paid plan: File links are available indefinitely.

Scheduling Frequencies

Any paid plan may request a one-time export, to be initiated at the time the request is made.

For Enterprise Grid subscribers, more frequent options are available. Exports may be run automatically once a month on a specified date, once a week on a specified day, or daily, initiated every 24 hours.

Enterprise Grid users may also request customized frequencies to fit their needs or use the Discovery API to connect a third-party export and archiving tool like Aware.

In some instances, incremental exports are also possible. Full exports are available for all paid plans, but incremental exports are only available at the Enterprise Grid level.

Slack’s multiple account types impact which level of export is available, so businesses requiring more robust export needs will need to choose accordingly.

Data Formats and Editing

Collaboration in Slack occurs in public and private channels, in direct messages, through comments on messages and files, in emoji reactions, and more. The variety and volume of data generated can be complex and substantial to parse.

The data can also be edited by users after its original posting.

Businesses that need to process data at this level of granularity, e.g., for legal discovery purposes, can use third-party applications to integrate with Slack to streamline legal workflows and eDiscovery.

JSON Formatting

Slack exports are returned in JSON (JavaScript Object Notation) format. While JSON is efficient for data storage and transfer, it can be challenging to read and understand for a few reasons:

• Lack of context. JSON exports don’t return a visual context of conversations, making it difficult to read and understand the flow and timing of messages.
• Limited formatting. JSON doesn’t preserve rich text, making it harder to parse the emphasis or structure of messages. Emojis and custom reactions are also not obvious.
• Complex for non-technical users. Legal teams and other laypeople may struggle to navigate JSON files that require certain knowledge or additional tools to read effectively.
• No built-in search function. It’s challenging to locate specifics in conversations or custodians without additional processing of the export.
• Time-consuming analysis. Large JSON files can take days or weeks to understand, and they may require custom scripts or tools to extract relevant information.
• File handling. Exports contain file links, not the files themselves, which require additional steps to access and review.
• Metadata complexity. Extensive metadata can be overwhelming for users and bury relevant messaging content in less important data.

Why businesses use Mimecast to preserve and export Slack data

Aware is a trusted Slack partner, helping businesses take better ownership of their data and ensure more comprehensive data governance. Aware connects to Slack via native APIs and webhooks, which enables organizations to overcome some of the challenges with Slack’s existing export capabilities. With Aware, companies can:

• Ingest a real-time record of all messages, including revisions and deletions, and secure them in an immutable archive.
• Perform enhanced federated searches for quick sorting and surfacing of Slack messages to speed internal investigations and support compliance.
• Maintain granular data retention from a central dashboard, which bidirectionally connects to Slack’s native retention settings and provides key access to data owners and admins.
• Secure data retention over Slack Connect, a crucial data security position for organizations collaborating with external contractors and partners.
• Streamline the eDiscovery process by delivering exports in more accessible formats rather than complex JSON outputs.
• Set automated legal holds for litigation purposes or regulatory need.
• Detect sensitive data and confidential electronically stored information in Slack and set smart workflow automations for data loss prevention policies to minimize data risk and address insider threats.
• Organize and manage the collaboration ecosystem from a centralized management platform to simplify data governance across the organization’s entire ecosystem.

With Mimecast, companies can keep their fingers on the pulse of their organization’s Slack data. Request a demo today to get started.