OAIC Finds Government Use of Messaging Apps Lacks Oversight

OAIC

Australian Government Agencies have been urged by the Office of the Australian Information Commissioner (OAIC) to strengthen their policies on messaging apps like Signal, WhatsApp, Telegram and Facebook messenger. 

On 19 March 2025 the OAIC published ‘Messaging apps: a report on Australian Government agency practices and policies’ highlighting significant gaps in the governance of messaging apps by employees within Australian Government agencies. 

Since the 2010s, phone-based instant messaging apps have emerged as popular forms of communication. They present challenges for recordkeeping, Freedom of Information (FOI) and privacy, since the Freedom of Information Act 1982 (FOI Act) and the Archives Act 1983 (Archives Act) commenced at a time where agencies principally used paper-based files.  

Australian Information Commissioner, Elizabeth Tydd, emphasized that the current digital environment demands a shift from a compartmentalised to a holistic approach to information governance by government agencies. Tydd urges agencies to view their information governance obligations through a broader lens and to reconsider what might constitute a ‘document’ or a ‘record of an agency’. 

The OAIC surveyed 22 Australian government agencies, revealing that 16 (73%) permit the use of messaging apps for work purposes. However, the report found that many of these agencies lack formal policies addressing essential obligations under the FOI Act, the Privacy Act 1988, and the Archives Act. 

Specifically, only 8 of the 16 agencies that permitted messaging apps had documented procedures to support their use, and many failed to adequately address key requirements such as FOI search capabilities, privacy considerations, and archival standards. 

  • Among the agencies that allowed messaging apps, only half had established policies or procedures to govern their use. 
  • Of the policies provided, 5 addressed security classification requirements, while 6 did not meet essential archival requirements. 
  • 5 agencies did not adequately address FOI search requirements, and 5 did not mandate the use of official accounts or devices for work-related messaging app communications. 
  • Agencies should develop or review existing policies to clearly state whether messaging apps are permitted for work purposes. 
  • Agencies permitting messaging apps should implement policies that address information management, FOI, privacy, and security considerations. 
  • Agencies should assess the features of messaging apps to ensure they support official work and comply with legal obligations. 
  • Agencies should conduct privacy threshold assessments to ensure that preferred messaging apps handle personal information appropriately 

The OAIC plans to revisit this topic in two years to assess the progress of agencies in addressing the identified gaps and implementing the recommended improvements. 

For more detailed information, the full report is available on the OAIC’s website: Messaging apps: a report on Australian Government agency practices and policies | OAIC 

Parental Leave for Casual Employees

For casual employees the unpredictability of their employment can be a major source of stress as often casual employees miss out on many of the entitlements that full-time and part-time employees enjoy. For many, this concern is further exacerbated when they learn that they are about to become a parent. It should therefore be of …
Read more

Purchasing an Off-the-Plan Property

The interest in “off-the-plan” properties is ever increasing and is becoming more popular for buyers. An off-the-plan purchase is one where the Buyer enters into a contract to purchase a property that has not yet been constructed. Due to the prolonged settlement period for an off-the-plan purchase it is imperative for buyers and sellers to …
Read more