While I am a huge fan of Slack, they sent out some information this morning, which makes me question whether or not I love it quite as much. Slack has updated their privacy policy in order to comply with GDPR rules. But the new policy allows administrators to export all the data that you’ve shared in slack – including private conversations. If that wasn’t enough, the administrator isn’t required to notify you that they’re exporting the data. So I guess you should start watching what you say? All that said when it comes to work communication – shouldn’t we be careful, regardless?
The caveat here is that you have to be using Slack Plus or Enterprise plans. This functionality was previously available, but it used to notify users when it was turned on, so they would know that their DM’s weren’t private. If you’re unsure if your team uses either of those plans, you can head over to https://YourTeamNameHere.slack.com/account/team to find out. (Normally I would provide you with a link, but everyone has a unique slack name and therefore, a link isn’t going to work in this situation.)
A further caveat to this makes it even more interesting. Just because you’re on a free or Standard plan, doesn’t mean that you’re safe from this possibility. In fact, administrators can request access to the data export tool by providing Slack with either a valid legal process, consent from the team members or a requirement or right under applicable laws. Which definitely seems like a lot of work. So, if your administrator really wants this data, they’re going to upgrade to one of the more advanced plans.
The third caveat to all of this is that administrators can use a whitelisted app, which basically does the same thing. You can check out which apps are connected to your teams account by visiting: https://YourTeamNameHere.slack.com/apps/manage. The problem is that it might take you a while to figure out which apps are doing what.
I guess my question is whether or not this really matters? I mean, sure, you’d like to think that there is some level of privacy, however, when it comes to work communications, I don’t think there is. The iPhone that work has provided me has a ton of tracking capabilities on it. I know for a fact that my IT Department can look things up on my phone if they needed to. Which is why I use my work iPhone for work.
I use my personal iPhone for personal business. I guess I’m just not sure why you would mix the two? Sure, I’ll send emails to colleagues, but I kind of have a litmus test for what I’ll include in there. Which is – do I want this getting back to my boss? If the answer is no, well then I don’t send it. I pick up the phone and say it verbally so there isn’t a paper trail, or I don’t say it at all. It’s that simple, in my opinion.
Which is why I’m not completely surprised that Slack is doing this. Like I said, it’s not ideal, but if it’s being used for work purposes, then that level of privacy shouldn’t be expected. If you’re worried about what you’ve said already, there is an option in Slack’s DM channels that allows you to wipe conversation history as often as you specify. Go to the channel itself, click on the gear icon, and choose “edit message retention”. That option, however, only allows you to clear the data after a minimum of a day. So if you’re willing to risk it, go for it. Otherwise, find a different venue if you want to say bad things about your boss.
[…] post ICYMI: Slack Updates Their Privacy Policy and it’s Not Pretty appeared first on Saintel […]