Australian Government Agencies have been urged by the Office of the Australian Information Commissioner (OAIC) to strengthen their policies on messaging apps like Signal, WhatsApp, Telegram and Facebook messenger.
On 19 March 2025 the OAIC published ‘Messaging apps: a report on Australian Government agency practices and policies’ highlighting significant gaps in the governance of messaging apps by employees within Australian Government agencies.
Since the 2010s, phone-based instant messaging apps have emerged as popular forms of communication. They present challenges for recordkeeping, Freedom of Information (FOI) and privacy, since the Freedom of Information Act 1982 (FOI Act) and the Archives Act 1983 (Archives Act) commenced at a time where agencies principally used paper-based files.
Australian Information Commissioner, Elizabeth Tydd, emphasized that the current digital environment demands a shift from a compartmentalised to a holistic approach to information governance by government agencies. Tydd urges agencies to view their information governance obligations through a broader lens and to reconsider what might constitute a ‘document’ or a ‘record of an agency’.
Key findings
The OAIC surveyed 22 Australian government agencies, revealing that 16 (73%) permit the use of messaging apps for work purposes. However, the report found that many of these agencies lack formal policies addressing essential obligations under the FOI Act, the Privacy Act 1988, and the Archives Act.
Specifically, only 8 of the 16 agencies that permitted messaging apps had documented procedures to support their use, and many failed to adequately address key requirements such as FOI search capabilities, privacy considerations, and archival standards.
- Among the agencies that allowed messaging apps, only half had established policies or procedures to govern their use.
- Of the policies provided, 5 addressed security classification requirements, while 6 did not meet essential archival requirements.
- 5 agencies did not adequately address FOI search requirements, and 5 did not mandate the use of official accounts or devices for work-related messaging app communications.
Recommendations for improvement
- Agencies should develop or review existing policies to clearly state whether messaging apps are permitted for work purposes.
- Agencies permitting messaging apps should implement policies that address information management, FOI, privacy, and security considerations.
- Agencies should assess the features of messaging apps to ensure they support official work and comply with legal obligations.
- Agencies should conduct privacy threshold assessments to ensure that preferred messaging apps handle personal information appropriately
The OAIC plans to revisit this topic in two years to assess the progress of agencies in addressing the identified gaps and implementing the recommended improvements.
For more detailed information, the full report is available on the OAIC’s website: Messaging apps: a report on Australian Government agency practices and policies | OAIC