Slack privacy, and how to improve it

Approx Reading Time: 10 minutes

Slack is a professional communications tool mostly used by individuals for coordinating and sharing information within an organization. Slack also offers plenty of add-ins that make it perfect for communicating within groups or directly with a person. But if you are concerned about your data privacy as a Slack user you are not overreacting. Slack users have been victims of phishing attacks and Slack has been hacked in the past. This makes it even more important for Slack users to tighten their privacy while using this platform and also make themselves aware of what controls they have over the data they have shared with Slack. Some commonly asked Slack privacy questions and their answers are as follows:

How does Slack deal with user privacy?

Slack handles user data privacy with the help of industry-standard data privacy measures including data encryption, allowing users to pick data residency, securing user accounts with two-factor authentication, limiting access to user data, and surveillance of stored data.

How can you improve your privacy if you use Slack?

You can improve the privacy of your Slack account by checking if your bosses can read your messages, limiting the duration of personal chat retention, and turning on two-factor authentication.

How can you get information removed from Slack?

You can delete your Slack account to remove all of your Slack account information.

How can you find out what information Slack has about you?

Your administrator can export your Slack account data to find out what information Slack holds about you.

Does Slack tell you who they share your information with?

Slack shares user data with your employer, third-party services, service providers, subsidiaries and affiliates, and law enforcement agencies.

Does Slack remove user information from third parties?

Slack cannot remove your data from any of the third parties.

Slack privacy, and how to improve it 1

So there you have with while Slack is trying its best to keep their user privacy intact there are always some loopholes that cybercriminals might use to gain unauthorized access to user data. This is why in this article we are going to equip you with the knowledge that is going to help you in keeping your data private as a Slack user.

How does Slack deal with user privacy?

With the increasing privacy risks and challenges tech enterprises such as Slack are adopting newer and more advanced techniques to deal with user privacy. Slack employs some industry-standard user data security measures to ensure user privacy. Some key ways Slack handles use privacy are as follows:

● Data encryption:

Slack keeps strong encryption and security controls over the user data while it is stored at their servers at also while it is in transit. There is always a risk of a cyber break-in at the data centers of Slack not to mention the user data can also get intercepted and read while it is being transported from the user’s device to its destination. But if user data is encrypted the hackers will not be able to read or decode user data even if they somehow gain unauthorized access to user data. Encryption has become an industry standard at this point and it is almost impossible to keep data fully secured without encrypting it.

● Allowing users to pick data residency:

As a premium service, Slack offers its users the option to pick the region of the world where their data is going to be stored. By providing users control over where their data is being stored Slack allows the user to keep their data secure by requesting to store it at safer regions with better privacy laws and strong data protection.  

Slack privacy, and how to improve it 3

● Securing user accounts with two-factor authentication:

While signing into your Slack account using your password might be convenient but this convenience doesn’t provide a lot of protection to your account if an unauthorized individual somehow finds out what your Slack account password is. To counter this issue Slack provides its users with an option to secure their accounts with two-factor authentication. Two-factor authentication is a second layer of protection in the form of a unique code that you have to provide along with your password every time you try to log into your Slack account.

● Limiting access to user data:

Slack claims to limit the access to user data to certain authorized individuals who are responsible for handling and maintaining user data. Other than these authorized individuals no one can gain access to stored user data. This limited access policy ensures that only the privacy trained individuals can handle or maintain user data with full confidentiality while user data remains inaccessible to anyone who is not authorized to access user data even within Slack.

● Surveillance of stored data:

Of course none of the above-mentioned privacy protection measures wouldn’t matter if the actual data centers were not guarded properly. That is why Slack uses specialized firewalls and a trained team of data security professionals to prevent cyber attacks on data centers and also for preventing any physical break-ins.

How can you improve your privacy if you use Slack?

Your slack account data is as vulnerable in your possession as it is while stored at Slack data centers. This is why you need to make sure that you take the necessary privacy protection measures for your Slack account. Because simply relying on Slack for protecting your privacy is not enough. Some ways you can improve the privacy of your Slack account include:

Slack privacy, and how to improve it 5

● Check if your bosses can read your messages:

When you use the direct or private message feature in Slack to communicate with a coworker your private messages can be saved and your boss or your organization’s IT team can export and read your conversations. Employers only have this option if they use a paid Slack package for their organization. You can check if your employer has turned on the setting for exporting your messages by signing into your Slack account from a desktop browser and then going into your account section and clicking on the team. Here you will find the “Retention and Export” option and under this option, you can check if your administration can or can not export your Slack messages. If the export for private messages is turned on you should be extra careful not to share any information or gossip that you don’t want your bosses to find out about.

● Limit the duration of personal chat retention:

As mentioned in the previous section it is a fact that your bosses can read your Slack conversation. But you can control the duration for which your personal messages stay saved for your employer or administration to import. Ideally, you want to retain your Slack messages for a very short duration. You can do this by opening a chat you want to change retention settings for and click the “!” icon on top of the chat and select “Additional options” you might have to click on more to find the additional options. Next, click on the “Edit message retention”   option and select the duration after which the messages of the chat will be automatically deleted. The least amount of time you can retain a chat is 1 day so you should select 1 day as the duration of your chat retention.  

● Turn on two-factor authentication:

Two-factor authentication makes your account secure and prevents unauthorized access and data breaches. This account security feature of Slack allows you to set up a second layer of security code on top of your existing Slack account password. So even if someone guesses what your Slack account password is they will still need the two-factor authentication code to access your account. You can turn on two-factor authentication by either using your phone number or a third-party authenticator app but we recommend using SMS as your main authentication method since it doesn’t require adding your account in a third party app which in itself is a privacy risk.

Slack privacy, and how to improve it 7

To turn two-factor authentication on for your Slack account simply log into this link using your Slack account details https://my.slack.com/account/settings and inside your Slack account’s settings menu find the “Two-factor Authentication” option and click expand next to this option. From the expanded menu click on “Set Up Two-Factor Authentication”. You will be asked to provide your password to confirm your identity and after providing your password pick the “SMS Text Message” option and select your country the next menu. Next, enter your mobile number and the area code in the provided sections to receive the authentication code on your phone via SMS. Once you receive the SMS containing the code enter the code into the two-factor authentication page of your Slack account and click on “Verify Code” to finish setting up two-factor authentication for your Slack account.

How can you get information removed from Slack?

If you want to remove your Slack account data from Slack’s servers properly you will have to delete your Slack account permanently. You can delete your Slack account by going to this link: https://slack.com/intl/en-pk/help/contact/delete-profile and fill out the form with the required details to submit your Slack account deletion request.  

How can you find out what information Slack has about you?

Since Slack accounts are provided to employees by the employer or the administrator of the organization employees can consult with their bosses if they want to get a copy of their data such as messages and other communications. For administrators, they can export the data of a certain employee or member by logging into their Slack account using a desktop and clicking on their user name. From the drop-down menu pick “Settings & administration” and then select “Workspace settings”. Here you can find the export and export data option and you can choose export to submit the request for a copy of any employee’s data.

Does Slack tell you who they share your information with?

While Slack claims they don’t sell user data with anyone they do however share user data with third parties for various reasons. The main parties Slack shares your data with include:

● Your employer:

As explained in previous sections Slack gives your employer or your organizational administration full control over the data of their employees. And the employers can access data such as messages and other Slack activity of their employees.

Slack privacy, and how to improve it 9
By Luis ResendeCC BY-SA 4.0

● Third-party services and service providers:

Slack relies on other companies and partners to provide Slack with various outsourcing services such as marketing agencies, storage, and analytics service provider to name a few. Similarly, if you use a third-party app or service with Slack such as an authenticator application for using two-factor authentication Slack will share some of your data with these third-party services as well.

● Subsidiaries and affiliates:

Slack is a part of a group of companies that it owns and is owned by. Since the companies from the Slack group share infrastructure and other resources they also share user data among the group.

● Law enforcement agencies:

Slack mentions in their privacy policy that they might share your information with courts or law enforcement if required by law or in case of a court order.

Does Slack remove user information from third parties?

Slack does not own any of the third parties mentioned above and therefore it does not possess the authority to delete user data it has shared with the third-party partners. All of the third parties Slack shares data with have their respective privacy policies and therefore you can’t expect Slack to delete your data from the servers of third-party partners.