Skip to main content

Ngā kōrero pātuhi me ētahi atu momo whitiwhiti kōrero
Text messages and other communications

Text messaging or any other electronic communications used to conduct business are considered as records under the Public Records Act 2005.

Select your language

The document identifier for this guidance is 16/F3 v.3 and it was approved in July 2024.

Please note that the PDF of this page has been removed because the content is the same and our website has a feature to print a webpage. You can also see a preview of this by using the print command (CTRL + P). If you still require a PDF version, please contact us at rkadvice@dia.govt.nz

If an organisation uses text messaging or any other instantaneous, non-sequential electronic communication mechanism to conduct business, for example social media, these communications are considered records under the Public Records Act 2005 (the Act). As such, they must be managed accordingly.

How to manage text messages and other communications

Organisations constantly balance concerns about providing practical guidance with the needs of staff to use the best electronic messaging and communication systems and devices available to conduct business. Many text messages and other communications will be facilitative, transitory, or of short-term value. Preventing staff from using these communication systems to conduct official business is unrealistic, hard to enforce, and does not acknowledge the various ways people communicate.

Your organisation is best able to decide what solutions will suit your information and records management needs when you establish:

  • what messaging and communications technologies are being used

  • the proportion of staff using those technologies and how often

  • the kind of content that is commonly included in these communications

  • your overall risk profile

  • how staff currently handle text messages and other communications

  • who owns the communications devices

  • the privacy and security risks.

You should consider adopting a mixture of in-house and outsourced technical or “low-tech” procedural solutions, and tailoring those solutions to fit your organisation's needs. Consult with your information technology and telecommunications staff and providers to determine which approach best suits.

Technical and compliance issues to be aware of

Your organisation may face technical issues when managing text messages and other communications as records. These issues may include:

  • the capability of electronic communications systems and devices to capture and create a record, including usable and sufficient metadata

  • trusted verification of user identity

  • exposure to viruses and spyware

  • capability to create and maintain a string of communications that help keep the message in context

  • use of non-government software and hardware

  • potential incompatibility of different electronic messaging and communications programs

  • digital preservation of information and records that have long-term value.

Public sector organisations must also be aware of compliance issues when managing text messages and other communications used to conduct business. These issues include:

  • mandatory requirements under the Act

  • obligations and considerations under the Privacy Act 2020

  • official information requests and evidence discovery requirements under the Official Information Act 1982 and Local Government Official Information and Meetings Act 1987

  • accessibility requirements under the Contract and Commercial Law Act 2017

  • security considerations.

Procedural and technical approaches

The two approaches outlined below offer different yet complementary ways of dealing with issues related to managing text messages and other electronic communications.

  1. Procedural approaches: focus on ensuring that compliant records and metadata are created through non-technical (sometimes manual) methods.

  2. Technical approaches: focus on identifying software and technologies or service providers that can create compliant records and metadata.

Procedural approaches

Taking a procedural “low-tech” approach to identifying, managing and capturing text messages and other communications can include, for example:

  • Developing policies and procedures to address some of the compliance issues noted. One example is to provide guidance on how to identify communications that are not facilitative, but that are transitory or have short-term value, and knowing what to do with these.

  • Introducing regular reviews to ensure policies and processes are kept up to date with changes in technology.

  • Training staff in simple and practical methods of capturing text messages and other communications in official information and records management systems. One example is by making a file note of the content of the message.

Technical approaches

Using technical solutions to manage text messages and other communications can include, for example:

  • Installing new software, such as mobile device management software which integrates with official networks and systems to centrally configure, manage and secure applicable text message/communications-capable devices.

  • Using new technologies, such as virtualisation technologies which lets users work in virtual environments through virtualisation or “thin client” solutions.

  • Configuring existing technologies to enable easy and automated capture of electronic messages, other communications, and metadata.

  • Ensuring that text messages and communications, including metadata, can be exported from the system(s) in which they were originally created.

  • Using third-party services to capture all email, chat, text messages, and other communications created through your systems.

Factors you need to consider when selecting technical solutions

Nature of solution

  • Is the solution built into the messaging or communications product, or is it an add-on?

  • If the solution is not available in-house and is provided by an external service provider, what guarantees about long-term access can the service provider offer?

  • What format or formats can the communications be generated in or converted into?

  • Can the solution interface with your organisation's existing information and records management systems? Is so, does that interface (method or program) have any restrictions?

Capture method

  • Does the capture of the text message or other communication occur automatically, or does it have to be activated manually?

  • Does the capture have rules? If so, and the capture is automatic, how flexible are those rules?

  • Can the capture mechanism be tailored to capture conversational threads?

  • Can users bypass the capture?

Metadata

  • What level of metadata can the solution capture?

  • How customisable is the metadata set?

  • How automated is the metadata collection?

  • How secure (tamper-proof) is the metadata set?

  • Does the solution allow for both manual entry of metadata and automated capture of some elements?

Security and legal compliance

  • What security measures can be applied to the solution?

  • What, if any, form of identity verification is offered?

  • Does the solution comply with relevant legislative and policy requirements?

  • Will the solution enable your organisation to comply with relevant legislative and policy requirements?