This policy outlines how long we retain data within Slack at the University of York, taking into account Data Subject rights and compliance risks, operational and record keeping needs and Slack’s expanding functionality.
It has been developed by IT Services, the Records Management and Information Governance teams and signed off by the University’s Information Security Board.
This policy sets out to:
This policy applies to all data within the University of York Slack Grid.
2.1 Messages in public and private channels
By default:
Three years has been agreed as the default setting in order to cover annual business cycles, keep short-medium term information on recurring issues or shared information available and to support ongoing projects and collaboration that are medium-long term.
Due to the breadth of use of Slack, some members may need to keep data for a shorter or longer amount of time. To give flexibility, all members can override the default message retention settings on private channels they are members of. Changes to channel policies will be visible in our Slack audit logs and a notification message will be sent in the channel within Slack.
We only recommend making a change if there's a strong business need and agreement from channel members because messages will be permanently deleted up until the point of the overridden policy date, which means other people may unexpectedly lose data if the notification in channel is missed.
Workspace Owners have permission to override the default message retention settings on public channels created in their workspace, but this should only be done where there’s a strong business need.
2.2 Direct messages
18 months has been agreed as the default setting for direct messages as the content in these conversations is more transitory and casual in nature than that of a project or team channel. Members are encouraged to have conversations relating to work in private or public channels.
Due to the breadth of use of Slack, some members may need to keep data for a shorter or longer amount of time. To give flexibility, all members can override the default message retention settings on DMs. Changes to DM policies will be visible in our Slack audit logs and a notification message will be sent in the channel within Slack.
We only recommend making a change if there's a strong business need and agreement from all members because:
2.3 Editing and deleting messages
Members have permission to edit their messages for up to 30 minutes from the time they were sent.
Org Owners and Workspace Admins have permission to delete messages. Messages should only be deleted in exceptional circumstances such as confidential information being shared in a public channel.
2.4 Files By default uploaded files will be retained within Slack for three years from the time they are uploaded. No override option is available.
2.5 Canvases By default canvas content will be retained within Slack for three years from the date of the last edit. No override option is available.
2.6 Lists By default lists content will be retained within Slack for three years from the date of the last edit. No override option is available.
All members of staff that use Slack are responsible for:
3.1 Channel management
3.2 Data sharing and management
3.3 Storing and documenting information