The Australian Information Commissioner is calling on Australian Government agencies to improve information governance to ensure they meet legislative obligations when using messaging apps.
The Commissioner’s review of the policies and practices of 22 agencies found that messaging apps are an established feature of digital communications in the Australian Public Service, but are regularly being used without adequate policies and procedures that reflect statutory obligations.
Australian Information Commissioner Elizabeth Tydd said, “While the technology being used to conduct government business is evolving, the need for agencies to equip staff to uphold legislative obligations remains.
“Messaging apps raise novel considerations for key pillars of our democratic system of government, including transparency and accountability.
“The report recognises the willing engagement of agencies that participated in this baseline assessment by the OAIC.”
The Commissioner’s findings include:
- 16 of the 22 agencies permitted the use of messaging apps, 3 prohibited their use, and 3 did not have a position.
- 12 of the 16 agencies that permitted their use endorsed, encouraged or communicated a preference for the use of Signal (one of these also endorsed, encouraged or preferred WhatsApp).
- Only half of the agencies that permitted their use had policies or procedures about their use for work purposes.
- These policies generally did not address freedom of information (FOI), privacy and other key obligations.
This is the first published report prepared for the Attorney-General under powers in the Australian Information Commissioner Act 2010, which reflect the Commissioner’s important role to report holistically on the information governance requirements of agencies.
“The OAIC’s three-commissioner model brings together multiple legislative requirements and allows the OAIC, as a single national regulator, to distil complex requirements into user-friendly guidance. This approach better serves agencies and the rights of the Australian community,” said Commissioner Tydd.
“Improving information governance will secure government information as a national resource and a source of truth and accountability for the Australian community.”
The report includes expert insight from National Archives of Australia (National Archives). This co-regulatory approach is the first of its kind for the Office of the Australian Information Commissioner (OAIC) and National Archives.
National Archives’ Director-General Simon Froude welcomed the findings of the report.
“The findings of this report contribute to our collective understanding of the extent to which messaging apps are used by Australian Government agencies, and the issues they face in managing these records. This information will help National Archives develop advice and guidance for agencies about the management of these important Commonwealth records.”
The OAIC has committed to continuing to work with National Archives to support agencies in understanding their recordkeeping, FOI and privacy obligations when using messaging apps.
The OAIC will revisit the topic in two years to understand how the use of messaging apps for government business has evolved.
Read Messaging apps: a report on Australian Government agency practices and policies.
Recommendations
The Commissioner made four recommendations for agencies:
- Agencies should review existing policies or develop a policy to clearly set out whether or not they permit the use of messaging apps for work purposes.
- Agencies that permit the use of messaging apps should have policies and procedures that adequately address information management, FOI, privacy and security considerations.
- Agencies should examine the features of messaging apps needed to support official work. This should involve conducting appropriate due diligence on apps, considering the implications for communications with other agencies, and developing policies and procedures for individual apps.
- Agencies that permit the use of messaging apps should conduct due diligence to ensure any preferred messaging app collects and handles personal information appropriately. This may be achieved through a privacy threshold assessment.
Notes
- ‘Messaging apps’ is used for mobile-based messaging apps, such as WhatsApp, Signal, Facebook Messenger and Telegram. A common function of these messaging apps is the ability to send messages that disappear after a specified period.
- The Australian Information Commissioner prepared the report for the Attorney-General under the Australian Information Commissioner Act 2010. Section 7(a) allows the Commissioner to report to the Attorney-General on any matters that relate to the Australian Government’s policy and practice around the collection, use, disclosure, management, administration or storage of, or accessibility to, information held by the government; and the systems used, or proposed to be used, for these activities. This is the first report published under this power.
- The primary objective of the report is to provide information, advice and assistance to agencies around the use of messaging apps.