Slack is a billion dollar San Francisco newbie that gives itself excessive license to play free and easy with stuff that doesn’t belong to it.
Slack is a product that enables teams to collaborate through ‘channels’. Individuals can, for example, work together on a customer’s files that they’ve uploaded to Slack, search them and so on.
Here’s the intro…
So far, so cuddly.
Note that Slack receives and collects. Slack doesn’t receive and ‘store’ for its customers. Slack ‘collects’. It hoards.
From a long list, this is a key item it ‘collects’
And that’s no surprise. Slack can’t exercise its core functionality without this information.
What might Slack do with the information that it ‘collects’. It can ‘share’ it. With whom might it share its customers’ information? Recalling that ‘information’ includes everything that Slack’s customers upload to Slack together with all surrounding meta data, Slack may share it with:
Slack may reply that it might share all of its customer data
But Slack does not undertake to sue or otherwise enforce such a contract in the event of a breach which damages its customers. Slack doesn’t even empower its customers to take action on its behalf. A Slack customer would therefore be most unwise to rely on any ‘promise’ when considering whether to entrust its privacy to Slack.
Slack also has a security policy
But it seems to me that those circumstances are not limited, they are in fact effectively unlimited and Slack need never ask permission to share anything at all.
Our tentative conclusion?
Gavurin handles highly sensitive data for its customers. My own view is that even if we undertook not to upload anything about our customers to Slack, if it emerged that we used Slack, our reputation for data governance could take a damaging hit.
In summary, if you care about your information or that of your customers, you should think carefully before entrusting any of it to Slack.