Public records in private accounts
Evidence of business activities are public records, regardless of how or where they are created or received, and must be managed in accordance with the Public Records Act 2002 (the Act).
Public records include emails, social media interactions, text messages and messages in any other messaging applications, photographs and videos.
The Act does not restrict the use of private email and social media accounts, messaging apps, or personal devices. However, public records created or received using these methods must be managed in accordance with the Act in the same way as public records created or received using official government channels.
Using private email and social media accounts and apps for work purposes can increase the risks of:
- public records not being captured, managed or accessible
- public records being unlawfully destroyed or lost
- information security being compromised (e.g. malware, information inadvertently shared)
- staff breaching other legislation, rules or guidelines (e.g. Criminal Code Act 1899, Right to information Act 2009, Information Privacy Act 2009, Code of Conduct)
- actual or perceived misconduct or corruption (PDF, 572KB).
- other legislation, rules, guidelines and regulations restricting or allowing the use of private email accounts for work purposes (e.g. Ministerial Records Policy , Private Email Use Policy)
- when private accounts, apps or devices can be used (e.g. email colleagues about change in work plans, working off-site, IT systems unavailable)
- with your Records Manager how and when public records sent, received or generated from a private account or apps are to be captured (e.g. forwarding the record to an official government account, exporting it into a format that can be saved).
See Capture public records below for options on capturing public records into an official government account.
All government employees need to be aware of their recordkeeping responsibilities under the Act to make and keep complete and reliable records of all work-related interactions when using private accounts, apps and devices. This includes capturing any public record created or received in a private account, or messaging app into an official government account within 20 calendar days of creation or receipt.
If a ministerial record is created or received in a private account, ministers, assistant ministers and ministerial staff must forward the email from the private account to an official ministerial account within 20 calendar days of creation or receipt.
If a mayor or councillor receives or creates a record relating to their responsibilities as a mayor or councillor in a private account, it must be captured into an official council account within 20 calendar days of creation or receipt.
Specific requests for advice relating to the implementation of policies and procedures about the management of public records in private accounts should be directed in the first instance to your agency's records area.
Capture any public record created or received in a private account, or messaging app into an official government account within 20 calendar days of creation or receipt.
Consider what processes or procedures need to be in place to capture any public records sent, received or generated in private accounts.
Use the following options to assist in the development of your procedures.
Forward the email to your official government email account and save it as per your agency's recordkeeping procedures.
Social media accounts
Capture according to your device or social media platform.
Capture according to your device and the type of interaction.
Deciding what needs to be captured
Find out more about what records you need to capture. You can also use the information guide for deciding what you need to keep (PDF, 250 KB).
The following table provides examples and scenarios to help you determine what records received or created in private accounts, apps or devices need to be captured as public records.
An email received in the private email account of the Director-General of the Department XYZ asking about the outcomes of a meeting held for which both parties were present.
An email sent by a lobbying organisation requesting a meeting to discuss the future of industry XYZ in Queensland sent to the private email account of an employee of a public authority who is known to the lobbying group personally.
Text message sent to public servant on private phone regarding update on current issues regarding disaster situation during cyclonic activity.
Photos taken on a personal phone of actions from a business unit meeting captured on a whiteboard.
Emails sent and received from private accounts while working from home or off-site, where access to work accounts is not available.
Using a private social media account to share an official post or information about a business activity.
Using a mobile app on a private device to receive access codes to allow an employee to securely access work systems off-site e.g. 2-factor authentication for Citrix, some work social media accounts etc.
Public records can only be disposed of or destroyed in accordance with the Public Records Act 2002.
Public records captured within an official government account, including those created or received within a private account or apps, or on a private device, need to be managed and disposed of in accordance with your agency's recordkeeping procedures and the Act.
Once the record has been captured into an official government account as a public record, the record on your private account or device can be deleted.
Find out more about how to destroy records.
Public records are created or received to document evidence of business activity. Personal, private, party-political, constituent or electoral records should not be combined with, or included in public records.
This includes records in any form including emails, letters, text messages, apps, social media posts, spreadsheets, etc.
This also applies regardless of where the public record is created or received, including whether the public record is created or received in official or private devices or accounts.
If other types of information are in a public record, it becomes part of that public record and must be kept for as long as that record is required to be retained in accordance with an authorised retention and disposal schedule.
It is not possible to redact or black out information in a public record, as a public record must be full and accurate. This includes any permanent value public records that are transferred to QSA and will become available for access by the public.
You can find out more about private information in public records, and see some examples of this, in our blog post Mixing your records–Don't do it!.
For more information see our advice on:
- Ministerial records policy (PDF, 504 KB)
- Roles and responsibilities of mayors and councillors
- Local government records
- What records to capture
- Private email use policy
- Text and instant messages
- Meetings and conversations
- Social media and Yammer
- Mobile and smart devices
- Surveillance and monitoring records
- Use of ICT Services, Facilities and Devices policy (IS38).