cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
4d4m
Newcomer III

Chat retention in Teams or Slack

Does anyone have a custom policy on how long chat is retained/deleted for tools like Teams and Slack that they are willing to share.

 

The default in most tools now is to retain indefinitely.

 

On the one hand it can be useful in a project to keep persistent chat to refer back to, on the other hand this may cause legal issues if kept for too long or cause contractual issues around data retention.

 

Just wondered if anyone has landed on a happy medium!

 

Thanks

5 Replies
Lamont29
Community Champion

Hi,

 

It appears that that should be a part of and follow the organization's data retention policies and de jure standards.That would be my directive, unless there's more information about it that you'd like to share.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
4d4m
Newcomer III

Thanks, yes, that is the default position.


But, I was wondering if anyone was keeping chat for much shorter periods than say email?

Lamont29
Community Champion

My thoughts are that there would be no 'industry standard' pertaining to
how long information is kept. You can reference GDPR or CCPA, select the
most rigid standard and go from there. But I would assume that you'd take
the information from your security assessment, query the company executives
and let that information be your guide.

Lamont
Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
brucebeam
ISC2 Former Staff

I have been at companies with zero retention which can be painful for the end-user and blessing for the legal / discovery teams. I think finding the balance while working with your legal and compliance teams is a key factor. If you do not have a starting point, I would recommend mirroring email retention policies to keep it clean.

denbesten
Community Champion

My employer expires emails after 3 years and chats after a month.  These intervals were decided by legal, entombed in written policy and implemented by I.T.

 

We are now considering that Teams, with its persistent chat conversations might need a retention period between these two extremes.