
Slack has some options to delete all messages over N days old. Unless there is a really good reason not to, turning on this feature generally sounds like a good idea. At least you can drastically limit the length of the archive available to any attacker.



I strongly suggest not transmitting secure information or files via Slack or any other medium that retains or broadcasts (push notifications, email alerts) data.

Given the massive and escalating fines over customer data hacks and leaks, I suspect we will see laws requiring data retention going head to head with consumer privacy laws. Given that even Jeff Bezos can’t keep his communications secure, the outlook for infosec consultants is fantastic. If anti-encryption laws start appearing on top of all of this, it’s going to be an absolute bonanza.


That's a terrible feature in an instant messenger client for work use? I cannot recall the precise details of my conversations with smart people who know things I do not. I can recall that I had the conversation and remind myself what I learned before.


Depends entirely on the conversation obviously, but perhaps important details should eventually be coalesced and moved to a more permanent document or project management system before the deletion deadline. It's a good discipline to have.


I don't think anyone would argue with the value side of the question. The tricky part is calculating the cost side. (The cost of not deleting old messages.)

Surely we can agree that the cost side is > 0.

I'd argue that the benefit side is generally at least a little lower than what we think it's going to be. And if the expiration limit is set to, say, 1 year, the cost of deleting old messages goes down considerably.


As with many things in life, it's a tradeoff. Do you want to accept a higher risk of security incidents or make it easier to recall information from a long-ago IM conversation?

There are rational reasons for an organization to do either.


Doesn't that have compliance implications? My understanding is that digital communications usually need to be stored for 3+ years in the case of a lawsuit and longer if you are in a regulated industry.



