Managing information on mobile devices
Mobile devices, such as smart phones and tablets are increasingly being used by agencies as a communication tool. They generate and receive emails, SMS, instant messaging and voicemails. If this information documents your agency's business activities, it is a Commonwealth record that needs to be managed.
It is important that key information of discussions, deliberations and decision making on these devices is captured.
Mobile device policy
Your agency should have a policy on the use of mobile devices including information on:
- delineating official use from personal use
- bring your own device (BYOD) protocol
- identifying and capturing information in a records information system or other endorsed business system
- ensuring the security and privacy of information on mobile devices
The mobile device policy should also be linked to, or incorporated into, your agency's information management policy. The Australian Signals Directorate and the Department of Finance have guidance on the security and privacy of information on mobile devices.
Messages on my smart phone or mobile device
If you have been issued an agency’s mobile device, or have been approved to use your own, you are responsible for capturing any information that conveys a business decision or discussion. Messages received on your smart phone or mobile device, in forms such as email, SMS, instant messages or voicemail, are subject to the same requirements as email messages received on your desktop computer or voicemail at your desk phone.
If the message on your mobile device contains information that supports the business of your agency, you need to document and capture the information in your agency's records management system or other endorsed business system as soon as possible.
Saving instant messaging (IM) exchanges
Instant messaging (IM) exchanges documenting your agency's business activities are Commonwealth records. However, you need to make a decision as to whether they are informal, transitory or short-term items which can be destroyed according to your agency's Normal Administrative Practice (NAP) guidelines, or whether they are business records documenting discussions, deliberations and decisions.
Most IM exchanges are informal, transitory or short-term. If an agency starts to transact business or receive requests from the public using IM, the exchanges then become a record and should be captured in your agency's records management system or other endorsed business system.
If an agency starts to transact business or receive requests from the public using IM, the exchanges become a record and should be captured in your agency's records management system or other endorsed business system.
There are two options for recording this information – technical and procedural:
- technical – involves software which creates logs and records of IM conversations
- procedural – requires staff to create a file note with key information of discussions or decisions made at the time of the message and save it in your agency's records management system, or other endorsed business system, as soon as possible.
Managing voicemail messages
Voicemail messages documenting your agency's business activities are Commonwealth records. You will need to decide whether they are informal, transitory or short-term records which can be destroyed according to your agency's normal administrative practice (NAP) guidelines, or whether they are important business records.
Some voicemail is simply to arrange a meeting or asking you to return a call. Other voicemail may be a request from the public or contain information required for business. The information in these voicemail messages should be retained.
If the voicemail message cannot be captured electronically in the records management system, or other endorsed business system, you should make a file note and save it on a corporate file as soon as possible. A file note should provide details of who sent and received the message, the date and time received and notes on what was requested, directed or decided.
Using third-party messaging platforms
Most instant messaging platforms are owned by non-government organisations, for example iMessage, Slack or WhatsApp. This means the information will be carried across different platforms or networks, with various legal and contractual arrangements in place for the carriage of your information.
When using third party messaging platforms, it is important to ensure that any Australian Government obligations, including the management of information, are met. Business related messages created, sent and received on third party platforms may not be legally regarded as a Commonwealth record, despite being created by an Australian Government agency. As a result these messages might not be retained for as long as they are required and ongoing access to the information may not be assured. Your agency’s mobile device policy should identify what type of information needs to be captured in your agency’s records management system or other endorsed business system.
Your agency must consider carefully the risks of using platforms that delete messages automatically or after a set period of time. To avoid losing Commonwealth records, business related messages should be kept and captured in the records management system or other endorsed business system as soon as possible. Your third-party platform provider will likely provide an option or API for exporting messages. There are also software products that can assist with this. Your agency should take a risk-based approach in assessing if the platform is fit-for-purpose.
- Australian Signals Directorate
- The Protective Security Framework (PSPF)
- Department of Finance, Whole of Government Information and Communications Technology, Policies and Guidelines for Mobile Technology (formerly AGIMO)
- Normal Administrative Practice (NAP) guidelines
- Managing social media
- Your social media policy – what about records?
- Agency Service Centre