Need to Collect Data from Slack? Read this First.
The world of e-discovery is constantly evolving. New data sources arise seemingly every day, but it’s breakthrough platforms like Slack that present the most significant challenges for forensic collection.
A highly flexible instant messaging and group-chat platform, Slack has experienced explosive growth in recent years—going from 2.7 million to 5 million users between April 2016 and February 2017 (TechCrunch, Statista). The platform allows users to chat, send and save files, and integrate data from other sources. This high level of functionality results in significant obstacles for e-discovery professionals trying to collect and review data from Slack.
Despite its popularity as a workplace communication tool, many litigation professionals aren’t familiar with the platform and the responsive data that could exist within it. When the corporate IT space experiences such rapid growth in a new communication paradigm, the effect on litigation (and particularly e-discovery) is extreme. Naturally, the need to collect, review, and produce data from Slack has become a frequent request in e-discovery, so we’ve outlined your options for retrieving data from this emerging technology:
1) Export directly from Slack
Also called Slack’s “standard export,” this exports messages and files from public channels only. This is a great (and free) feature for all customers, but its usability for discovery review is limited. The public messages are exported as JSON files, which are not very helpful in large-scale review. Additionally, the export will contain a JSON file for each day the channel was used, potentially resulting in hundreds of files per channel. Lastly, attachments are provided via links within the JSON file, requiring litigation support to retrieve those that are potentially responsive, thus adding a step to the workflow.
2) Compliance Plan
If a standard export is not viable, Slack offers a compliance plan for “Plus” customers, allowing private channels, direct messages, and group messages to be collected. However, the compliance plan only includes data starting on the day you enable it. Public channel data is still available as it was in the standard export, but historical private channels, direct messages, and group messages will have to be collected via an alternative method.
3) Discovery API
If the compliance plan is not in place, data from private channels, direct messages, and group messages is available through the discovery API. Data collectable through this feature includes a user’s public channels, a user’s identity, and the content of a user’s direct messages.
4) Third-Party Archive
A newer feature involves third-party archiving systems. These platforms, such as Smarsh, are great for retrieving traditional data types (e.g. email) and have finally included Slack as a source. Although the data is archived, the critical point is how the data is exported for review.
5) Onna
Onna is a data collection and management platform capable of retrieving data from Slack and several other platforms. It connects with Slack’s user API and the Slack Enterprise Grid, and gives you the option to select specific channels, direct messages, and multiparty messages. You can specify date ranges, and Onna will collect and process the contents. The result is a complete, native file ready for review within any platform.
Equally important to having a sound collection strategy is having an efficient, cost-effective review method. Data from Slack’s standard or compliance exports is in a JSON format, which is normally converted to CSV for review. Although the Discovery API produces a richer dataset, it doesn’t enhance review capabilities.
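As an added illustration (not part of the original article or any vendor's tooling), the JSON-to-CSV step can be sketched as follows: it flattens a standard export into one message table and a separate list of attachment links still to be retrieved. It assumes the unzipped export has one folder per channel holding one YYYY-MM-DD.json per day plus a users.json, and that messages carry the fields ts, user, text and files[].url_private; the sample data is constructed.

```python
import csv, io, json
from datetime import datetime, timezone
from pathlib import Path

# Assumed layout: <export>/users.json and <export>/<channel>/<YYYY-MM-DD>.json
def flatten_export(export_dir):
    """Flatten an unzipped export into (message_rows, attachment_rows)."""
    root = Path(export_dir)
    users_file = root / "users.json"          # assumed user id -> name lookup
    names = {}
    if users_file.exists():
        names = {u["id"]: u.get("name", u["id"])
                 for u in json.loads(users_file.read_text(encoding="utf-8"))}
    messages, attachments = [], []
    for day_file in sorted(root.glob("*/*.json")):   # one file per channel-day
        channel = day_file.parent.name
        for msg in json.loads(day_file.read_text(encoding="utf-8")):
            ts = msg.get("ts", "")
            # Keep the raw ts as the message key; convert whole seconds only,
            # so float rounding never alters the recorded time.
            utc = (datetime.fromtimestamp(int(ts.split(".")[0]), tz=timezone.utc)
                   .isoformat() if ts else "")
            uid = msg.get("user", "")
            messages.append({"channel": channel, "source_file": day_file.name,
                             "ts": ts, "utc": utc, "user": names.get(uid, uid),
                             "text": msg.get("text", "")})
            for f in msg.get("files", []):   # attachments are links, not content
                attachments.append({"channel": channel, "ts": ts,
                                    "name": f.get("name", ""),
                                    "url": f.get("url_private", "")})
    return messages, attachments

def to_csv(rows):
    """Serialize rows to CSV text; the csv module quotes commas and newlines."""
    if not rows:
        return ""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0]))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

def build_sample(root):
    """Write a small constructed export (not real data) under root."""
    root = Path(root)
    (root / "general").mkdir(parents=True)
    (root / "users.json").write_text(json.dumps([{"id": "U01", "name": "alice"}]))
    (root / "general" / "2017-02-08.json").write_text(json.dumps(
        [{"ts": "1486512000.000001", "user": "U01", "text": "draft, v2\nattached",
          "files": [{"name": "draft.docx", "url_private": "https://files.example.invalid/draft.docx"}]}]))
    (root / "general" / "2017-02-09.json").write_text(json.dumps(
        [{"ts": "1486598400.000002", "user": "U02", "text": "received"}]))
```

Recording source_file and the untouched ts on every row lets a reviewer trace any CSV line back to the exact export file and message it came from.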
In my experience, Onna is the best option for the collection, processing, and review of Slack data. As Onna collects data, it’s processed and prepped for export, combining phases from the traditional EDRM model, thus saving time and money by running these tasks in parallel. Onna provides significant flexibility by allowing the user to export all synced data or only target data using filters or search terms. Once the data is identified for export, it’s added into a load file that can be directly imported into a review platform, such as Relativity. This allows the user to transform the data from a loose set of JSON files into a highly organized load file that can be immediately uploaded to a review platform. Then, every important function of those platforms can be applied to the Slack dataset. Onna’s approach to facilitating collection, processing, and review is superior in the marketplace and ahead of the curve in terms of how Slack data is reviewed across the industry.
For more information on TLS’s forensic consulting and e-discovery services, check out our website. For more information on TLS’s partnership with Onna, view our press release here.