Archive Data Protection

    How to Set Up Your Data Retention Policy for Slack

    Learn to Effectively Set Up a Data Retention Policy in Slack

    by Emily Schwenke

    Key Points

    • This blog was originally posted on the Aware website, but with the acquisition of Aware by Mimecast, we are ensuring it is also available to visitors to the Mimecast website.
    • Ensure compliance by customizing data retention settings based on your Slack subscription (Free, Pro, Business+, Enterprise Grid).
    • Use third-party tools like Aware for advanced data retention management and compliance across all workspace levels.

    Collaboration tools like Slack have revolutionized modern-day data usage and the policies for handling that data. Gone are the storage rooms lined with banker’s boxes full of paper documents. Now, data retention is digital, and tools like Slack have customizable settings to help organizations manage their data.

    What is a data retention policy?

    Data retention is the practice of storing and maintaining data for a specified period. Proper data retention policies ensure companies operate smoothly and in accordance with their industry’s standards, building customer trust.

    Strong data retention policies are necessary for:

    • Legal and regulatory compliance
    • Business continuity
    • Customer relations
    • Audits and accountability
    • Security incident investigations
    • Decision-making and analysis

    Data retention in free Slack plans

    Slack provides fixed data retention with their free subscription service. This includes:

    • Retaining all messages and files—including audio/video—for up to one year.
    • Limiting message and file visibility to the past 90 days. Viewing older messages requires contacting Slack support. Purchasing a paid plan unlocks visibility to message history older than 90 days.
    • If a message is edited, it replaces the previous version of the message. Earlier versions of the message are not saved.
    • There is no option for automated message or file deletion after a specified period on the free plan. Data deletion must be done manually.

    The lack of granular customization for retention periods and the inability to keep edit and deletion history could be limiting for organizations with more complex data retention policy requirements.

    What are the benefits of having a data retention policy?

    The digital revolution has changed the way data is created and managed. Data retention policies are how organizations assign value to data by helping stakeholders determine what’s necessary to keep and what must be purged. Retention policies are also the first step in supporting other functions, such as data loss prevention, eDiscovery, and more.

    Here are the key benefits of having a data retention policy:

    Regulatory compliance

    A robust data retention policy ensures organizations remain compliant with laws and regulations that mandate how long certain types of data must be kept. These policies help organizations avoid hefty fines and legal consequences of any compliance violations.

    Minimize data storage costs

    Storing data indefinitely can be expensive, particularly for large companies. A robust retention policy examines what data is necessary to retain and for how long, and purges the rest, which optimizes data storage and saves expense.

    Simplify audits and litigation

    Legal disputes and investigations can also quickly become expensive, particularly if it takes unnecessary time to find relevant data in a sea of extraneous documentation. A comprehensive data retention policy specifies what data is preserved where enhancing transparency during audits and investigations and enabling organization to promptly produce evidence. This reduces time, expense, and the risk of penalties for non-compliance.

    Business continuity and disaster recovery

    Companies that retain critical operational data will have access to backup files in the event of data loss, system failures, cyberattacks, or other disasters. Business may continue with minimal downtime.

    Data protection and privacy

    A good data retention policy manages data security risks, defines secure data disposal methods at the end of a retention period, and maintains compliance standards for regulations like HIPAA and GDPR, while also reducing the risk of data breaches.

    Enhanced data management

    Having good data retention provides the groundwork for excellent data management with a more organized, accessible data structure and better visibility of the data. With the disposal of unnecessary data, there’s less data to organize and monitor overall.

    What are the different message retention policies on Slack?

    Your Slack subscription will determine your retention settings capabilities.

     FreeProBusiness+Enterprise Grid
    Keep all messages—excluding edits/deletions

    Keep all messages—including edits/deletions

     

    Delete messages after a customized period—workspace-wide

     

    Delete messages after a customized period—workspace level, channel level, chat level

     

     

     


    he contrasts between the Pro and Business+ Slack subscriptions are more obvious when comparing channel management, user provisioning, and customer support. Data retention settings between the two subscriptions are not typically the deciding factor in the decision to upgrade.

    How do you create a message retention policy in Slack?

    Slack Free subscription users

    For free users, all Slack messages are retained for up to one year and are viewable for 90 days. To purge messages after a specified period, the deletion must be performed manually. To view messages older than 90 days, contact Slack support.

    Slack Pro and Business+ subscription users

    1. In the Slack desktop app, click on the workspace name in the top left-hand corner.
    2. Click “Settings & Administration” and then “Workspace Settings.”
    3. Under the “Settings” section, click “Expand” next to “Message Retention and Deletion.”
    4. Select your preferred retention option from the drop-down menu.
    5. Once your options are chosen, click “Save” and “Confirm Settings” to apply the new retention policy.

    Slack Enterprise Grid subscription users

    Enterprise Grid users have additional options because retention policies can be set at the organization level, workspace level, and even channel/direct message level.

    To set org-level retention policies:

    1. Click your workspace name, then “Settings & Administration,” and finally “Organization Settings” in your Slack desktop app.
    2. Under “Settings,” select “Messages and Files” from the left sidebar.
    3. Review and set the desired level of retention for messages and files in your Slack data.
    4. Click “Save” and “Confirm Settings” to apply the new retention policy.

    To set workspace-level retention policies:

    1. Click your workspace name and click “Settings & Administration,” then choose “Workspace Settings.”
    2. Expand “Message Retention and Deletion” and choose your preferred options.
    3. Save your changes and “Confirm Settings” to apply the new retention policy.

    It is important to note a workspace-level policy will not override an organization-level policy.

    You can also edit message retention policies in Slack using these same steps and choosing from the available options, depending on your subscription plan.

    To set channel/chat level retention policies with Slack, contact Slack support. Alternatively, data retention tools such as Aware allow you to set bidirectional and highly customizable data retention policies.

    How do you create a file retention policy on Slack?

    File retention settings in Slack are different from message retention settings in a few key ways. Free plans can only keep messages for up to one year. Options for messages on paid plans include keeping them indefinitely, keeping only the final versions of messages regardless of edits, or deleting messages after a custom period.

    Files have fewer retention options than messages. The default is keeping files indefinitely (for paid plans, or up to one year for free plans), or admins can set a custom deletion schedule. Paid subscriptions can retain copies via export, either natively or by using the Discovery API.

    File retention for all users begins with the same steps.

    1. From the desktop app, select your workspace name at the top left.
    2. Click “Settings & Administration” and then “Workspace Settings.”
    3. Under the “Settings” section, click “Expand” next to the “Messages and Files” option. The following options depend on your subscription level.

    Options for Free Slack users:

    1. Retain all files for one year. This is the default setting.
    2. Retain all files for 90 days. Files older than 90 days will be automatically deleted.

    5 different file retention settings for paid users

    1. Retain all files. Files are kept for the lifetime of the workspace with no option to customize the timeframe or delete.
    2. Retain all files for a customized period. Admins set a custom retention period, after which files will be permanently deleted.
    3. Retain all files, including deleted ones. Along with uploaded files, Slack will also retain copies of files deleted by users within the retention period.
    4. Retain all files including those deleted for a customized period. Retains all files, including user-deleted ones, but only for the retention period set by admins. After the retention period expires, all files will be purged.
    5. Legal Hold (Enterprise Grid users only). Preserves all data—including messages, files, edits, and deletions—for custodians identified for legal investigation and eDiscovery outside of workspace retention settings.

    Tailored retention settings will be determined by an organization’s data governance policies, regulatory compliance, storage constraints, and legal needs. Companies must balance the need for business continuity, compliance, transparency, and eDiscovery with storage capacity and expense.

    How do you change canvas retention settings in Slack?

    Canvases are dedicated spaces where teams can build, curate, and share information related to a topic or project. They can include anything from text ideas, uploaded files and images, rich media like videos, comment threads, and more. A canvas is a resource repository tied to Slack channels and DMs.

    Slack’s free subscription users do not have the permissions to customize data retention settings for canvas content. All canvas content for the free subscription is retained for up to one year with no delete option.

    Slack’s Pro, Business+, and Enterprise Grid users have some customizability over canvas retention settings. They can be set up with the following steps:

    1. In the desktop app, click the workspace name at the top left.
    2. Select “Settings & Administration” and click “Workspace Settings.”
    3. Under “Settings,” click “Expand” beside “Messages and Files.”
    4. Scroll to the “Canvas-specific retention” section.
    5. Choose your canvas retention options from the drop-down menu:
      1. Keep all canvas content indefinitely.
      2. Delete canvas content after a specific period.
    6. Click “Save” to apply the new canvas retention policy to the workspace.

    Enterprise grid admins may also set organization-wide canvas retention policies.

    1. Follow the above steps. Once you “Expand” the “Messages and Files” area, choose “Organization Settings.” Choose your options and save to apply the canvas retentions organization-wide.

    Of important note is that once canvas content is deleted by a retention setting, it is unrecoverable except through approved data exports for the specified retention window.

    What are the challenges to data retention on Slack?

    Slack’s data retention solutions do cover many of the basics and some of the more nuanced requirements enterprises may need. However, some limitations with Slack’s data retention settings may require users seeking more comprehensive solutions.

    There is no way to prevent channel deletion

    Whether public channels or private channels, there’s nothing to prevent channel deletion in Slack, which then deletes all messages, files, and data within that channel no matter the configured retention settings. Slack’s native tools don’t offer a recovery option.

    No automated recovery features

    Slack’s built-in features do not provide automated recovery for deleted or edited messages and files. Users must manually export data before it’s purged by the retention policy, defeating the purpose of the automation.

    Paid subscriptions are required to restore edited/deleted messages

    On free Slack workspaces, users cannot track or restore previous versions of edited or deleted messages. Companies must pay Pro, Business+, or Enterprise Grid plans to retain edit histories and restore deleted messages

    Cannot set different retention periods for different data types

    Retention options are set at the Slack workspace level or organization level but are not customizable by data type. Files and rich media cannot be held to different retention periods than messages regardless of subscription level.

    Data residency limitations

    Slack offers data residency options to store data in specific regions, but it applies to all data and cannot be tailored further to content type, channel, or conversation.

    No centralized auditing or monitoring

    Slack has no centralized auditing or monitoring capacity over data retention policies. Admins must manually track retention settings across workspaces and conversations. The more retention policies exist, the more complex this becomes.

    Many organizations compensate for these gaps by using third-party tools like Aware that handle data backup, eDiscovery, and archiving to give them comprehensive data governance, enhanced retention, and more granular retention control over content types and conversations.

    Strengthen data retention for Slack with Aware

    Aware helps enterprises manage complex collaboration datasets such as Slack. Admins can properly evaluate the value of the data they hold and assess its risk to the organization while building granular data retention policies that conform to best practices and compliance regulations.

    Using native APIs to effortlessly connect to Slack, Aware ingests Slack datasets in real-time for a record of all messages—including revisions and deletions—gifs, videos, screenshots, and other rich media. With Aware, organizations can:

    • Retain a complete record of activity within the digital workspace.
    • Adhere to compliance requirements such as SEC 17a-4, GDPR, and HIPAA.
    • Customize retention policies that can be set for different platforms and data types based on the organization’s data governance needs.
    • Make data easily discoverable through federated searches.
    • Organize data with Aware’s bi-directional purge feature that deletes data in both Slack and data storage once it reaches its appointed deletion schedule.
    • Automate data retention using Aware’s centralized platform.
    • Prevent unauthorized access to data by setting role-based access controls (RBAC) and using audit logs to monitor data visibility.

    When a highly regulated financial services company needed a unique data retention solution, they turned to Aware. One subset of employees was subject to a regulation standard different from the company’s wider roster. With Aware’s help, they set up legal holds to preserve the highly regulated data as required, and in tandem created a different rule for non-regulated employees so their data was purged as needed. Their retention needs were met with a minimum of data storage expense while keeping in compliance and maintaining strict data controls.

    Aware’s flexibility and smart workflow automations can help you take charge of your organization’s data from a centralized platform and put control and quality data governance at your fingertips. Request a demo to learn more.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page