- Social media and instant messages used as part of agency business are official Government records.
- Consider information management requirements and risks early in your social media and IM adoption.
- Make staff aware of social media and messaging policies and procedures that includes their information management responsibilities.
- Work out what needs to be kept and what can be deleted using Records Authorities and Normal Administrative Practice.
- No solution is perfect. Mitigating risks and documenting your decisions are good practices and key to success.
Posts and messages are records
Social media and instant messaging posts, media, comments, messages and analytics that are created or received as part of Australian Government business are Commonwealth records. To be accountable, your agency must also manage these types of records.
The National Library of Australia does not routinely capture social media sites as part of its program to archive Australian Government websites under the legal deposit scheme. The responsibility rests with individual agencies.
Third party social media and messaging platforms are often:
- vulnerable to content deletion, change, and undesirable re-use
- unable to create or capture enough metadata for information management purposes
- not able to manage disposal
- limited in their ability to import, export or generate reports.
Social media and messaging records generally cannot be safely managed in place. They should be saved into an endorsed business system where they can be managed accountably.
Social media and messaging platforms also present risks to personal privacy, cybersecurity and intellectual property rights. Your agency's decision to sanction the use of specific platforms should consider all the relevant risks, as should any policies and procedures for users. Collaboration between the relevant areas in your agency will ensure staff have access to comprehensive guidance. For example, you will need to consider the Australian Privacy Principles and cyber security guidance.
Policies and procedures
Make your staff aware of their responsibilities in using and managing social media and messaging. Your agency’s policies and procedures about the use of social media and portable devices should highlight or link to responsibilities and information management guidance. Your social media policy – what about records? provides guidance on what should be included.
Social media and instant messaging should also be factored into information governance planning and documentation. Consider evaluating the information management functionality of social media and instant messaging platforms by using the Business System Assessment Framework as part of the procurement or adoption process. You may also consider platform-specific information management plans that outline management decisions.
What to keep
Agencies should retain records in line with relevant records authorities. This includes agency-specific authorities, general records authorities and AFDA Express. Developing a risk-based approach may be warranted in some cases. Decisions should be informed by a risk assessment that considers legislative and regulatory requirements, business needs, community needs, and expected outcomes.
Some of our guidance for managing email can be applied to instant messaging records, such as those created in WhatsApp, Facebook Messenger, Telegram and Signal.
Depending on how your agency saves instant messaging records, it may not be possible or practical to sentence records individually. Taking a risk-based approach, you could apply a function and class from a general or agency-specific records authority to an instant messaging account or aggregated records which reflects the position of the account holder. You may decide, for instance, that your senior executives’ messages should be retained as national archives or for a specific period in line with a function and class that pertains to their role. If it is your agency’s policy that instant messaging must only be used for low value and low risk interactions, you may decide that the records of most account holders can be deleted or kept for a short period only.
Public posts made by any official agency social media account, for example those on Facebook, Twitter, YouTube or LinkedIn, should be retained in line with AFDA Express v2 (External Relations) or relevant functions in general or agency-specific records authorities.
Responses to posts, such as messages and enquiries from the public should be managed at the item level in accordance with the topic of the communication, or the relevant AFDA Express v2 External Relations function.
Depending on how your agency captures social media content, it may not be possible to manage records at the item level as described above. Using a risk-based approach, aggregate sentencing can be achieved by applying a function and class from an agency-specific or general records authority that corresponds to the position of the account holder or the general topic covered by the account. For example, you may decide that your main agency account(s) on each platform will be retained as national archives or as long-term temporary records (depending on the typical nature of the posts) but other accounts created for specific purposes will be retained in line with a function and class relevant to the topic of the account and business needs.
Your agency may decide that the risks of saving replies outweighs the benefits, and decide to capture them on an ad-hoc manual basis to ensure no personal, sensitive or offensive content is captured. Decisions not to capture or delete certain records should be documented. Some agencies may even choose to turn off comments and provide other channels for public enquiries and feedback.
Ministers of State
Social media and instant messaging records created by Ministers or Ministerial offices must be managed in accordance with GRA 38.
What to delete
You can routinely delete records that have little or no business value as long as if it is allowed by your agency's normal administrative practice (NAP). For example, copies and duplicates can be considered for destruction using a NAP. This includes media files shared via social media, where the original version is already stored in your agency’s records management system or another endorsed business system.
Posts and messages that cannot be deleted under normal administrative practice should be captured and retained as described above, unless approval to delete is obtained from your agency’s information managers.
How to save
The way your agency saves social media and instant messaging records will depend on many factors, including resourcing, the types of social media platforms in use, and the extent to which your agency engages with social media. It may be necessary to use more than one method, for instance, if your main capture method is incompatible with one or more platforms. Any decisions should be documented in your social media policy and information governance so staff are clear on their responsibilities.
Capture technology is diverse and constantly evolving. Some agencies rely on manual capture, for example ad hoc screenshots or periodic exports saved to a records management system. The manual approach places the responsibility for capture on individual staff.
Some agencies have implemented automated, partially-automated or integrated solutions using technologies such as:
- web capture tools
- platform-specific application programming interfaces (APIs) to pull content
- web crawling or other software to create local versions of sites
- social media monitoring or dashboard tools.
Finding out what is already being used in your agency is a good starting point. You may find that existing tools can be adapted for information management purposes, or that you can identify a new system or technology stack to meet everybody's needs.
Platform-specific export instructions
Most social media and instant messaging platforms allow users to retrieve or create backup copies of their content. Copying your data at regular intervals and saving it to an agency-endorsed business system is one way of saving your information manually. This practice places the responsibility on the account holder and, depending on how frequently you capture your information, there is a risk that some information will change or be deleted before it is captured.
This advice is provided on the assumption that you are using an approved Australian Government issued/managed device to retrieve your information.
- Facebook Messenger
- WhatsApp (iPhone instructions)
Describe your records
Whatever methods your agency uses, you need to ensure that enough metadata is recorded to assure a record’s authenticity, reliability, integrity and useability. The minimum metadata set is a good start for what metadata to capture. Be aware that most social media and messaging platforms do not natively capture all of the minimum metadata set properties, meaning they will need to be added at the point of capture, either manually or through automated means.
Maintaining the relationship between records is also critical to maintaining its authenticity. This may be as simple as capturing screenshots that show a message and all replies together, or an export of aggregated records that are displayed in their original order. Automated systems must be evaluated to ensure they capture sufficient context too.
The format of your records will be dependent on the method of capture and the content of the interaction. See our born-digital file format standards for further guidance.
In-house and agency-hosted platforms
Enterprise social media and messaging platforms, such as Microsoft Yammer, Teams or Slack and agency-hosted social media sites, such as blogs or forums, can present similar issues to 3rd party platforms. Sometimes there is scope to improve the systems over time, either through configuration or build upgrades. Use the Business System Assessment Framework to assess their information management functionality. You may decide to use strategies described on this page to address any gaps.