Internal data retention policies for Slack and similar services has been a popular topic for TechGC members recently. In response, we conducted an informal survey of our members regarding their policies and the results from approximately 50 responses are summarized below.
- Survey Demographics. The majority of respondents are from either Series B or Series C+ venture backed companies with the vast majority using Slack (as opposed to other chat services).
- Industry standards are still emerging. Most respondents indicated that they do not currently have specific policy or are relying on default Slack settings, but are either actively working on one or intend to do so in the near future.
- Wide variance in policies. Of those respondents who do have such a policy, the retention period varies widely ranging from as little as 2 days to up to 6 years. Further, many companies are currently relying on Slack's default settings, which appear to provide for perpetual retention. See the chart below for a breakdown of retention periods.
- Regulated industries have longer retention periods. Not surprisingly, those respondents with longer retention periods (>1 Year) tended to be companies in highly regulated industries. For example, some respondents who are regulated by agencies like FINRA or the SEC use the retention policies in accordance with the requirements of the respective agency.
Anecdotally, the responses also indicated a wide array of approaches.
“[We intend to] delete Slack channels after 6 months, with restrictions around who can be an admin and controls around membership and access to certain channels where confidential / trade secret information is discussed.”
“Informal policy of don't put long-term, company-important, or complicated messages in Slack.”
“We are considering this issue currently and have a draft DRP where retention of things like Slack messages is still an open point. Also, I've spoken with our CTO and IT Director about restricting Slack use to internal users only. I've asked my legal team to provide training on how to use Slack/email/and other forms of messaging.”
“We would like to institute a 14 day retention policy but have not yet been able to get buy-in from all relevant business teams.”
“Because we are regulated by FINRA, all our slack messages are saved by Global Relay and must be retained for (I believe) 6 years. This required us to upgrade our Slack subscription to Slack Plus.”
“Our current retention policy is permanent retention of all communications. That will change in a year or two.”
“We have a one year policy for email and keep GDocs and other electronic documents forever.”
“180 days for email, excluding litigation holds and exceptions (M&A, etc).”
“Messages are retained in accordance with SEC requirements for investment advisers.”
“60 day retention, team members cannot override to expand for private channels / direct messages.”
“We delete files uploaded to Slack after 14 days. We currently do not delete chat histories.”
“Public Slack rooms are retained for 15 days. Private rooms for 60 days. DMs and Group DMs for 90 days. Documents are deleted concurrently with the conversations (no separate retention). Employees are instructed to retain and separately store documents pursuant to separate document retention guidelines.”
“1 year for general groups; case by case on finance, HR and legal related groups (if any)”
“60 days with very few exceptions - legal channel has 2 days retention; limited production channels have up to 6 months retention”
“Channels: 6 months; private chat: 2 months”