Slack is a popular communication tool for organisations around the world, with an estimated 65 million users logging in to share messages with colleagues on a regular basis.

While the productivity benefits are undeniable, organisations run the risk of sensitive data building up in the SaaS app as teams try to get work done quickly.

Setting a retention period on messages is crucial to minimise the amount of sensitive data stored in SaaS apps, therefore reducing the attack surface for malicious actors who want to access valuable data. There are a few ways of doing this in Slack, depending on your plan. However, you should bear in mind that a data security tool like Metomic can help you do this on a much granular level, which will get into later.

Why are retention periods so important in Slack?

With teams sending messages on Slack every day, there are risks associated with retaining all of the data exchanged between colleagues. For instance, if your organisation is complying with industry regulations such as GDPR, and HIPAA, you’ll need to ensure you are not retaining Personally Identifiable Information (PII) or Protected Health Information (PHI) for longer than necessary.

Unless Slack admins within an organisation change the settings, Slack stores messages for a lifetime which could include sensitive customer or employee information which might be shared between colleagues, or by third party tools that are integrated with Slack.

When setting retention periods, organisations should be careful to balance employee satisfaction and efficiency with security. Employees should still be able to carry out their roles, and retrieve information in order to ensure productivity is kept high.

How to set retention periods in free version of Slack

If you’re using the free version of Slack and you’re a workspace owner, you will have the option to keep all messages, without tracking message edits or deletions, OR Slack will delete messages after 90 days.

To set your retention period, follow these steps:

1. Open Slack on your desktop and click your workspace name in the top left of your sidebar
2. Click on ‘Tools & settings’ and then ‘Workspace settings’
3. Expand ‘Message history’
4. From here, you can choose your new retention settings
5. Hit ‘Save’ and tick the box to confirm
6. Click ‘Apply new setting’

How to set retention periods in Pro & Business+ subscriptions

Slack Pro & Business+ subscribers will have more options when it comes to retention periods.

They will be able to keep all messages and track message edits and deletions, keep all messages without tracking revisions, or delete messages after a set period of time.

You will need to:

1. Open Slack on desktop and click your workspace name in the top left of your sidebar
2. Click on ‘Tools & settings’ and then ‘Workspace settings’
3. Expand ‘Message history’
4. From here, you can choose your new retention settings
5. Hit ‘Save’ and tick the box to confirm
6. Click ‘Apply new setting'

How to set retention periods in Enterprise Grid subscriptions

As above, you will need to:

1. Open Slack on desktop and click your workspace name in the top left of your sidebar
2. Click on ‘Tools & settings’ and then ‘Workspace settings’
3. Expand ‘Message history’
4. From here, you can choose your new retention settings
5. Hit ‘Save’ and tick the box to confirm
6. Click ‘Apply new setting’

The benefits of setting retention periods with Metomic

Rather than deleting the entire message, Metomic allows you to set automated retention periods that only delete the sensitive data contained inside. This means that your messages that do not contain sensitive information can remain intact, allowing your team to remain efficient and productive.

You can set retention policies spanning hours, days, weeks or years, to ensure your team can still do their jobs with the sensitive data they need while giving your security team the reassurance that sensitive information will be redacted in time.