
There's a dissonance at the center of every enterprise chat platform that nobody talks about plainly. The interface is designed to feel like a conversation — casual, fast, emoji-friendly, ephemeral in tone. The architecture is designed to function like a corporate archive — permanent, searchable, exportable, and legally discoverable.

Your employees are operating under one set of assumptions. The law is operating under the other. And the gap between those two realities has been generating seven-figure settlements for years now, with no sign of slowing.

This edition is about that gap — what creates it, why it's getting worse, and what compliance actually requires. I want to work through it using Helen Nissenbaum's contextual integrity framework, because I think it's the analytical tool that explains this problem most precisely. Not just the legal exposure, but why employees keep writing things they later deeply regret — and why the platform design almost guarantees that they will.

The Regulatory Moment That Should Reset Your Assumptions

The clearest signal that enterprise messaging has entered a new compliance era came in January 2024, when the FTC and DOJ jointly updated their standard preservation letters, second requests, and compulsory legal process to explicitly name Slack, Microsoft Teams, Google Chats, and Signal as covered documents. The statement was remarkably direct: "Neither opposing counsel nor their clients can feign ignorance when their clients or companies choose to conduct business through ephemeral messages."

The DOJ's Deputy Assistant Attorney General went further, noting that failure to preserve these communications "may result in obstruction of justice charges." Not civil fines. Obstruction.

This guidance came on the heels of the Northern District of California's March 2023 sanctions against Google in the Epic Games antitrust litigation, where Judge James Donato found that Google — despite assuring the court it had "taken all appropriate steps" to preserve evidence — had done "nothing in the way of auditing or monitoring Chat preservation." Google's history-off-default for employee chats had effectively allowed the routine deletion of potentially relevant communications while litigation was foreseeable. The court found Google had "intended to subvert the discovery process" and sanctioned accordingly.

The practical message for every organization using enterprise chat: these platforms are, and have always been, discoverable under FRCP Rule 26(b)(1). The casualness of the interface is legally irrelevant. A Slack message sent in 2021 can be produced in litigation today. A DM between two managers that neither of them remembers sending is living in a legal hold system right now, waiting for a plaintiff's attorney to search it.

If your organization doesn't have a written retention policy that explicitly covers enterprise chat platforms — not just email, not just "documents" — you have a compliance gap. If that policy hasn't been enforced consistently, and if you've ever been involved in or reasonably anticipated litigation, you may have a spoliation problem. The Sedona Conference's guidance on information governance is clear on what "defensible disposition" requires: written retention schedules, consistently applied legal hold procedures, and contemporaneous documentation of preservation efforts.

The discovery burden compounds this. Industry estimates put the cost of processing and reviewing enterprise chat data at $18,000 to $25,000 per gigabyte. A mid-sized organization that has been running Slack for three or four years can easily accumulate hundreds of gigabytes of discoverable content. That's millions of dollars in discovery costs for a single litigation matter — before a single claim is resolved on the merits.

Why Employees Keep Writing Things They Shouldn't

Before I walk through the scenarios, I want to spend a moment on the human question, because the legal and technical analysis tends to skip it: why do people keep writing genuinely damaging things in chat platforms that they know their employer controls?

The answer, I think, is that they don't actually know it in the way that changes behavior. They've been told. The onboarding acknowledgment form mentioned it. The acceptable use policy covers it somewhere. But the experiential reality of using Slack — the speed, the emoji reactions, the threading, the casual language norms of their team — communicates something different. It communicates ephemerality. It communicates informal peer exchange. It communicates the vibe of a conversation, not the permanence of a document.

This is exactly what Helen Nissenbaum's contextual integrity framework predicts. The framework holds that appropriate information flow depends on context — and that privacy violations occur when information flows in ways that violate the norms of the context in which it was shared. The norms of Slack, as experienced by most employees, are conversational, informal, and social. The norms of litigation are adversarial, formal, and permanent. When a Slack message is produced in discovery, it has been transferred from the first context to the second without the sender's knowledge or consent at the time of sending.

Let me apply all five principles to show how this plays out concretely.

The Five Principles, Applied

Principle 1 — Context. The context of Slack communication, as experienced by employees, is informal workplace coordination. Team members share updates, ask quick questions, celebrate wins, and commiserate about frustrations. The interface design reinforces this: GIF support, custom emoji, threaded conversations, "Is typing..." indicators. These are conversational affordances, not documentary ones. The problem is that the underlying architecture is a business records system, not a conversation. That contextual mismatch is the root of every scenario I'll describe.

Principle 2 — Actors. When a manager sends a DM to a colleague, they believe the actor set is two people. The actual actor set includes their IT administrator, any legal hold processor who has ever been activated, their company's outside counsel, opposing counsel in any litigation, NLRB investigators if the content touches on protected concerted activity, EEOC investigators if it touches on a protected characteristic, and — if the message ends up in a public court filing — anyone with a PACER account and an interest in their employer's litigation history. The FTC and DOJ's January 2024 guidance explicitly includes grand jury subpoenas as a route through which these communications can be compelled. The intended actor set and the actual actor set are not even in the same order of magnitude.

Principle 3 — Attributes. Chat platforms are uniquely dangerous because they capture attributes that employees would never include in formal communications. Pregnancy announcements to close colleagues. Offhand comments about someone's protected characteristics. Expressions of frustration about a specific employee that read very differently in a deposition context than they sounded in a 3 PM venting session. Edit histories that show what a message originally said before it was softened — creating exactly the consciousness-of-guilt inference that courts draw when they see a harmful original statement followed by a sanitized edit. The attributes that flow through Slack include essentially the full range of employment-related information, presented in a format that was designed for candor.

Principle 4 — Transmission Principles. Employees share information in Slack under the transmission principle of "voluntary workplace communication for operational efficiency and team cohesion." Their messages are actually retained under the transmission principle of "permanent business records subject to legal preservation and discovery." These are fundamentally different norms, and the gap between them is where liability lives. The NLRB has also recognized this gap — when Apple was accused of monitoring employees' Slack activity related to workplace concerns and organizing, the complaint alleged that the company's policies on channel creation and content effectively chilled protected concerted activity under Section 7 of the NLRA.

Principle 5 — Information Norms. The information norm of Slack, as experienced, is something like "casual and searchable by teammates, maybe by IT in an emergency." The information norm under which it actually operates is "searchable by anyone with a legal process, preserved indefinitely, exportable on demand." That gap is not a technical miscommunication. It's a structural feature of how enterprise chat was sold and deployed — as a collaboration tool, marketed for its ease and speed, with the legal and compliance dimensions treated as secondary. Until employees genuinely understand which information norms govern their messages, they will keep writing things that harm themselves and their organizations.

Three Scenarios That Show How This Plays Out

Scenario One: The Promotion That Became Evidence

A senior marketing analyst announces her pregnancy to her manager during their weekly one-on-one. The manager responds warmly, says all the right things about the company's parental leave policy. Three hours later, he sends a DM to a peer manager:

Manager 1, 2:47 PM: "Sarah just told me she's pregnant. Due in August."
Manager 2, 2:49 PM: "Oof, right before Q4 planning."
Manager 1, 2:50 PM: "We were going to promote her to Senior Manager in July. Not sure that makes sense now?"
Manager 2, 2:52 PM: "Can you push it to Q1 next year? By then, you'll know if she's coming back full-time."
Manager 1, 2:53 PM: "Smart. I'll just tell her the promotion cycle got delayed."

Neither manager thinks of this as discrimination. They think of it as practical workforce planning. Sarah didn't get promoted in July. When she returns from maternity leave, a colleague hired after she went on leave has been given the title. She files an EEOC charge. During discovery, these messages are produced.

The contextual integrity analysis is precise. The context was informal management consultation between peers — the kind of quick check-in that happens dozens of times a day in every organization. The actor, Manager 1, intended: one trusted colleague. The actual recipients: EEOC investigators, the company's legal team, plaintiff's counsel, and eventually Sarah herself. The attributes discussed: Sarah's pregnancy, a protected characteristic under the Pregnancy Discrimination Act, framed explicitly as a business liability. The transmission principle under which Manager 1 shared: seeking peer advice. The transmission principle under which it was preserved: creating a permanent, searchable record of discriminatory intent. The information norm Manager 1 operated under: this is a private conversation between two managers. The information norm that governed the outcome: this is discoverable evidence of the mental process behind an employment decision.

The legal exposure under the Pregnancy Discrimination Act and Title VII is clear. The reason settlements in these cases run into the millions is precisely because a few DMs establish discriminatory intent with a clarity that pages of witness testimony couldn't match. The messages are contemporaneous, authentic, and unambiguous.

What compliance requires: Manager training that actually addresses this — not a 30-minute annual video about harassment policy, but specific training that teaches managers to apply the "front-page test" to any message touching on protected characteristics, leave requests, or employment decisions. The answer to "should I push her promotion back because she's pregnant" is not "let me DM my colleague about it" — it's "let me call HR or employment counsel." Any message about an employee's protected status, disability, or leave should be treated as if it will appear in a deposition exhibit. Because it might.

Scenario Two: The Metadata That Proved Retaliation

An employee files an internal HR complaint at 2:14 PM on a Monday, alleging his manager has been making racially insensitive comments. Two weeks later, he's placed on a performance improvement plan. The manager claims his performance has been declining for months, and the PIP is entirely unrelated to the complaint.

In discovery, the plaintiff's attorney subpoenas the company's Slack data. The message content from the manager's channels during the relevant period is produced. But the attorney is paying closer attention to the metadata.

A channel called #leadership-private was created at 3:47 PM on the day of the HR complaint — 93 minutes after it was filed. Four people were added at 3:47: the manager, her manager, an HR business partner, and an employment attorney. The channel was deleted 19 hours later. Slack's Enterprise Grid retention system preserves deleted channel metadata, including creation timestamp, member logs, deletion timestamp, and message count: 47 messages sent before deletion.

The company claims attorney-client privilege. But the metadata shows the manager and her manager exchanged 12 messages before the attorney was added to the channel 30 minutes later. Those 12 messages aren't privileged. When the court orders their production and the company recovers them from backup:

Manager, 3:52 PM: "James just filed a complaint about me with HR."
Senior Manager, 4:01 PM: "Do you have documentation of the performance issues?"
Manager, 4:03 PM: "Not formal documentation, but I can write it up now. Better to have it on record before this goes anywhere."

The temporal proximity (a channel created 93 minutes after the complaint) and the content of the messages together establish both causation and pretext. The absence of contemporaneous documentation, revealed by the manager's own words, destroys the "unrelated performance decline" defense. The channel deletion while an HR investigation was pending creates a spoliation inference.

This scenario illustrates something critical about metadata that most compliance discussions miss: timestamps, channel creation and deletion logs, member add/remove records, and message counts are all preserved by enterprise Slack in ways that create a timeline of consciousness and intent even when the message content is unavailable or privileged. You can delete a channel; you can't delete the metadata that shows when it was created, who was in it, and when it was destroyed.

The contextual integrity violation here is the transmission principle: information shared in what the managers believed was a protected, privileged space was ultimately governed by the same disclosure norms as all other Slack data, with the additional adverse inference that comes from deletion. The FRCP Rule 37(e) analysis for spoliation doesn't care whether the deletion felt routine. It asks whether the information should have been preserved, and whether its loss prejudiced the opposing party.

What compliance requires: A legal hold protocol that covers Slack channels — not just individual user custodians. Any time an HR investigation is opened, legal counsel is engaged on an employment matter, or an EEOC charge is filed, Slack channels related to the relevant employees and decisions should be placed on hold immediately. The Sedona Conference's guidance on defensible disposition is clear that legal hold procedures must suspend normal retention and cover all relevant data sources — and enterprise chat is now unambiguously a relevant data source. Organizations should also implement a policy requiring legal approval before creating any private or temporary channels in connection with an employee relations matter.
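One way to make that channel-level hold check mechanical, as an added example that is not code from the newsletter or from Slack: it walks a constructed audit trail modelled on the scenario (creation, member changes, message counts, deletion) and, given a hold triggered by the HR complaint, reports how soon after the trigger the channel was created, how many messages were sent before any counsel was present, and whether the channel was deleted while the hold applied. The event tuple layout, the account names and the two-hour proximity window are assumptions, not Slack's real audit-log schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed audit trail modelled on Scenario Two, abridged to the quoted messages.
# Tuple layout (timestamp, action, channel, member) is an assumption for illustration,
# not Slack's real audit-log schema, which carries many more fields.
AUDIT_EVENTS = [
    ("2024-03-04T15:47:00", "channel_created", "#leadership-private", "manager"),
    ("2024-03-04T15:47:00", "member_added",    "#leadership-private", "manager"),
    ("2024-03-04T15:47:00", "member_added",    "#leadership-private", "senior_manager"),
    ("2024-03-04T15:47:00", "member_added",    "#leadership-private", "hr_partner"),
    ("2024-03-04T15:52:00", "message_sent",    "#leadership-private", "manager"),
    ("2024-03-04T16:01:00", "message_sent",    "#leadership-private", "senior_manager"),
    ("2024-03-04T16:03:00", "message_sent",    "#leadership-private", "manager"),
    ("2024-03-04T16:17:00", "member_added",    "#leadership-private", "employment_counsel"),
    ("2024-03-04T16:20:00", "message_sent",    "#leadership-private", "employment_counsel"),
    ("2024-03-05T10:47:00", "channel_deleted", "#leadership-private", "manager"),
]


@dataclass(frozen=True)
class LegalHold:
    trigger_at: datetime      # the triggering event, here the HR complaint
    custodians: frozenset     # accounts whose channels must be preserved
    counsel: frozenset        # accounts treated as counsel for privilege screening


def review_channel(events, channel, hold, proximity=timedelta(hours=2)):
    """Derive hold findings for one channel from metadata alone; no message
    content is needed, which is the point the scenario makes."""
    timeline = sorted((datetime.fromisoformat(t), a, m)
                      for t, a, c, m in events if c == channel)
    created = deleted = counsel_joined = None
    members, pre_counsel_msgs = set(), 0
    for t, action, member in timeline:
        if action == "channel_created":
            created = t
        elif action == "member_added":
            members.add(member)
            if member in hold.counsel and counsel_joined is None:
                counsel_joined = t
        elif action == "message_sent" and counsel_joined is None:
            pre_counsel_msgs += 1          # sent with no counsel in the channel
        elif action == "channel_deleted":
            deleted = t
    in_scope = bool(members & hold.custodians)
    minutes_after = ((created - hold.trigger_at).total_seconds() / 60
                     if created and created >= hold.trigger_at else None)
    window = proximity.total_seconds() / 60
    return {
        "in_scope": in_scope,
        "minutes_after_trigger": minutes_after,
        # created shortly after the trigger: the temporal-proximity finding
        "proximate_to_trigger": minutes_after is not None and minutes_after <= window,
        # messages sent before counsel joined cannot be attorney-client privileged
        "messages_before_counsel": pre_counsel_msgs,
        # deletion after the trigger, in a channel with a custodian, breaches the hold
        "deleted_while_on_hold": in_scope and deleted is not None
                                 and deleted > hold.trigger_at,
    }


# Hold triggered by the 2:14 PM complaint; custodians and counsel are constructed.
HOLD = LegalHold(
    trigger_at=datetime.fromisoformat("2024-03-04T14:14:00"),
    custodians=frozenset({"manager", "senior_manager"}),
    counsel=frozenset({"employment_counsel"}),
)

if __name__ == "__main__":
    for key, value in review_channel(AUDIT_EVENTS, "#leadership-private", HOLD).items():
        print(f"{key}: {value}")
```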

Scenario Three: The Clinical Consult That Became a HIPAA Breach

A hospital system creates a Slack channel called #clinical-questions for nurses and physicians to quickly consult with specialists on patient cases. The intent is genuinely good — faster care, reduced time hunting down specialists, better clinical outcomes. The implementation is a HIPAA disaster.

A hospitalist sends a message at 11:47 PM: "@dermatology Room 412, 34F with unusual rash pattern on trunk and extremities. Started 3 days ago. No fever. Photos attached." She attaches three clinical photographs.

The channel has 847 members — every physician, nurse, and clinical staff member at the hospital, including environmental services staff who use Slack for shift coordination, billing specialists, case managers, physical therapists, and nutritionists. Not because anyone intended to give all of them access to patient consultations, but because the channel was set to "open" and over time everyone joined it.

When a billing specialist's laptop is stolen from her car with Slack logged in on the browser, the breach notification analysis covers 1,247 patients whose cases were discussed in #clinical-questions over the preceding six months. 847 people had those clinical photographs synced to their personal phones through the Slack app.

Under HIPAA's Minimum Necessary standard, 45 CFR §164.502(b), covered entities must make reasonable efforts to limit the use or disclosure of protected health information to the minimum necessary to accomplish the intended purpose. A dermatology consult requires perhaps three or four dermatologists. It does not require 847 people. The channel architecture made compliance with the minimum necessary standard structurally impossible — not because of bad intentions, but because nobody at implementation thought through the privacy implications of an open channel in a clinical setting.

The OCR enforcement framework for HIPAA breaches covers failures of technical safeguards, access controls, audit controls, and the minimum necessary standard — all of which were present here. The settlement required not just the monetary payment but the implementation of role-based channel access, automatic channel deletion policies, and a prohibition on PHI in general Slack channels.

The operational aftermath is instructive: clinical staff resented the restrictions and found the HIPAA-compliant alternative slower and less effective. The #clinical-questions channel was actually helping patient care. The problem was that its architecture — an open channel on a general collaboration platform — was fundamentally incompatible with the minimum necessary standard. The compliance solution wasn't a policy change; it required an architecture change. PHI-containing communications require access controls and retention policies that general enterprise chat platforms don't provide by default.

What compliance requires: Any healthcare organization using Slack or Teams for clinical coordination needs a specific channel architecture review against the HIPAA Security Rule before deployment, not after a breach. That means role-based access controls limiting clinical channels to those with documented need to participate, automatic deletion policies calibrated to the minimum retention needed for patient care purposes, a Business Associate Agreement with the platform provider covering PHI hosting, and device management policies preventing unsecured local storage of channel content on personal devices.

The Impossible Paradox — And How to Navigate It

The scenarios above share a common structural problem that I want to name directly, because it's the issue that makes enterprise chat governance genuinely hard rather than just neglected.

GDPR Article 5(1)(e) requires that personal data not be kept "longer than is necessary." The UK Information Commissioner's Office explicitly warns against keeping information "just in case it might be useful in the future." Privacy law pushes toward deletion.

FRCP Rule 37(e) creates severe sanctions for destroying electronically stored information once litigation is reasonably anticipated. Employment law requires preserving records related to personnel decisions. E-discovery practice is built on the assumption that relevant communications will be available. Legal obligations push toward retention.

The FTC and DOJ's joint guidance makes clear that the legal preservation obligation applies to enterprise chat in the same way it applies to email and documents — with criminal obstruction charges as a possible consequence for non-preservation when litigation is foreseeable. The privacy obligations don't disappear because litigation is possible; they coexist in tension.

The practical resolution to this tension isn't finding the one perfect retention period. It's building a governance architecture that can apply different rules to different content. Social channels and casual banter reasonably warrant shorter retention — say, 90 days — with automatic deletion. Project-specific channels warrant longer retention tied to project completion. Channels involving employment decisions, compliance matters, or any content that could be relevant to foreseeable disputes warrant legal hold capability. The Sedona Conference Commentary on Information Governance describes this as "defensible disposition" — not keeping everything forever, not deleting everything routinely, but applying a documented, consistent rationale that can be explained to a court or regulator.
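One shape for that tiered architecture, as an added example that is not code from the newsletter or from any chat vendor: channels are classified into tiers, each tier carries its own disposition rule, an active legal hold overrides every rule, and every decision is written to a log so the rationale is documented at the time it is made. The 90-day social tier comes from the paragraph above; the tier names, the other day counts, and the channel and matter names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Retention tiers. Only the 90-day social tier is from the newsletter; the
# project figure is an assumed placeholder, and None means "no automatic
# disposition, hold capability required".
RETENTION_DAYS = {
    "social": 90,        # casual banter: short retention, automatic deletion
    "project": 365,      # measured from project closure (assumed figure)
    "employment": None,  # employment and compliance matters: never auto-deleted
}


@dataclass(frozen=True)
class Channel:
    name: str
    tier: str
    closed_on: Optional[date] = None   # project channels count from closure


@dataclass
class Governance:
    holds: dict = field(default_factory=dict)   # channel name -> matter id
    log: list = field(default_factory=list)     # contemporaneous decision record

    def place_hold(self, channel_name: str, matter: str) -> None:
        """Suspend normal retention for a channel; logged like any decision."""
        self.holds[channel_name] = matter
        self.log.append((date.today(), channel_name, "hold_placed", matter))

    def disposition(self, channel: Channel, message_date: date, today: date):
        """Decide delete / retain / hold for one message and record why."""
        if channel.name in self.holds:
            decision = ("hold", f"legal hold for matter {self.holds[channel.name]}"
                                " suspends the retention schedule")
        elif channel.tier not in RETENTION_DAYS:
            # Fail closed: an unclassified channel is retained, never deleted.
            decision = ("retain", f"tier {channel.tier!r} has no schedule;"
                                  " retained pending classification")
        elif RETENTION_DAYS[channel.tier] is None:
            decision = ("retain", f"{channel.tier} tier has no automatic disposition")
        elif channel.tier == "project" and channel.closed_on is None:
            decision = ("retain", "project channel still open")
        else:
            anchor = channel.closed_on or message_date
            expires = anchor + timedelta(days=RETENTION_DAYS[channel.tier])
            if today >= expires:
                decision = ("delete", f"{channel.tier} tier: expired on {expires}")
            else:
                decision = ("retain", f"{channel.tier} tier: expires on {expires}")
        self.log.append((today, channel.name, message_date, *decision))
        return decision


if __name__ == "__main__":
    gov = Governance()
    today = date(2024, 4, 15)
    for ch, sent in [(Channel("#random", "social"), date(2024, 1, 1)),
                     (Channel("#proj-alpha", "project", date(2023, 1, 31)), date(2022, 11, 5)),
                     (Channel("#hr-matter", "employment"), date(2023, 6, 1))]:
        print(ch.name, gov.disposition(ch, sent, today))
```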

What Your Organization Should Do Before the Next Litigation Hold

I want to close with something concrete, because the regulatory and case law picture can feel paralyzing without a path forward.

First, add enterprise chat explicitly to your written retention schedule. If your current policy covers "email" and "documents," it covers Slack by implication — but implication is not the same as "we had a defensible policy and we followed it." Name the platforms, specify the retention periods by channel type, and document who owns the governance responsibility.

Second, build a Slack-specific legal hold protocol. The protocol needs to cover channel-level holds, not just custodian-level holds. It needs to include metadata preservation requirements. It needs to specify how IT will identify and hold relevant channels within hours of a triggering event, not days or weeks.

Third, audit whether your platform subscription gives you the access you need. Organizations on basic Slack plans cannot access private channel and DM data for discovery or investigation purposes — only Enterprise Grid provides that capability. If you're holding Slack data for litigation purposes or regulatory compliance, your plan needs to match your obligations.

Fourth, implement contextual privacy notices that employees will actually encounter. An acknowledgment form buried in onboarding doesn't change behavior. A banner that appears when employees join a new channel, a periodic in-app reminder, or a workflow that flags messages containing employment-sensitive keywords — these create genuine awareness rather than documented ignorance. The goal isn't to make employees afraid to communicate. It's to ensure that their mental model of the platform's permanence matches reality.

Fifth, train managers specifically on discovery-aware communication. Not a general anti-harassment video, but case study-driven training that shows what DMs about pregnant employees or performance improvement decisions look like when projected on a screen in a deposition. The best way to change the behavior is to make the consequence visceral, not theoretical.

The FTC's position is now explicit: companies and individuals "have a legal responsibility to preserve documents when involved in government investigations or litigation." The courts' position — established through the Google sanctions, reinforced through years of employment discrimination and wage-and-hour litigation — is equally explicit: Slack messages are discoverable business records. The only remaining question is whether your organization will treat them that way before a demand letter arrives, or after.

If this edition raised questions about your specific retention policy, your legal hold protocol for enterprise chat, or your platform architecture for clinical or financial communications — reply directly. These are exactly the compliance conversations worth having before the subpoena, not after.

Disclaimer: Remote Work Privacy Insights is a newsletter that looks at privacy issues in the workplace using academic ideas. It's meant to educate and is not legal advice. For advice tailored to your company, talk to a qualified privacy or employment lawyer. The opinions shared are the author's and not those of any employer.

