Mobile messaging has become one of the most consequential and least governed channels in modern recordkeeping. Text messages (SMS and MMS), chat applications, ephemeral messaging tools, and the messaging features embedded in collaboration platforms now carry substantive business communications that, only a decade ago, would have traveled by email or memorandum. Because these messages are created on phones and personal devices, written informally, and often deleted automatically, they pose a distinctive challenge: the content frequently qualifies as a record, but the medium resists the capture, retention, and search practices that mature programs apply elsewhere.
A defensible mobile messaging policy begins from a simple principle that governs all of records management: the obligation to preserve a record turns on the content and function of the communication, not on the device or application used to create it. A text message that documents a decision, approves an expenditure, or directs an action is a record subject to the same retention requirements as an equivalent email. The policy’s job is to translate that principle into rules people can actually follow on a small screen, and to give the organization the technical and procedural means to honor those rules.
Why Mobile Messages Are Records
Whether a message is a record depends on the recordkeeping definitions that apply to the organization. In the public sector, statutory definitions generally treat any recorded information made or received in the course of business as a potential record, regardless of format. That broad scope plainly reaches text and chat. The practical question is rarely “could this be a record” but “which messages cross the threshold,” and that determination should rest on content: messages that document agency decisions, policies, transactions, or obligations are records, while purely logistical or personal exchanges typically are not.
Because mobile messaging mixes the substantive and the trivial in the same thread, blanket assumptions are dangerous in both directions. Treating every message as a permanent record is unworkable and wasteful; assuming none of them matter invites loss of evidence and accountability. The policy should give employees clear, content-based criteria and, where feasible, route business communications onto governed channels so the hardest judgment calls are minimized.
Capture and Retention
The central technical problem is capture. Unlike email, mobile messages often live only on the device and the carrier or platform, where they may be purged on short cycles or by the user. A sound program addresses capture through one or more deliberate mechanisms: enterprise messaging platforms that journal or archive messages to a managed repository; mobile device management or archiving tools that capture business texts; or, where automation is unavailable, documented manual processes for forwarding or exporting substantive messages into an authorized recordkeeping system.
Retention follows the same schedules that govern equivalent communications. A message is scheduled according to what it documents, not the fact that it arrived as a text. Many organizations map messaging to existing categories on their records schedules, including general schedules that cover transitory and short-term administrative communications. Critically, automatic deletion settings, disappearing-message features, and short carrier retention windows must be reconciled with retention obligations; an application default that erases content after a set period cannot be allowed to override a longer required retention period. Policies should specify approved applications and disable or prohibit ephemeral features for any channel used for business.
Policy Elements and Governance
A workable policy is concrete about people and process, not just principles. Effective policies typically address:
- Approved channels and applications. Which tools may be used for business messaging, and which are prohibited because they cannot be captured or governed.
- BYOD and device boundaries. Whether business messaging is permitted on personal devices, and what capture, consent, and separation of personal data apply if it is.
- Roles and responsibilities. What individual users must do (recognize records, route or preserve them) and what records, IT, and legal staff manage centrally.
- Prohibition of evasion. A clear rule that employees may not move sensitive business onto unsanctioned or ephemeral channels to avoid recordkeeping, FOIA, or discovery.
- Training and acknowledgment. Periodic instruction and signed acknowledgment, because messaging behavior is habitual and hard to change without reinforcement.
Governance should align with broader records guidance and standards rather than a single product specification. NARA, for example, revoked its long-standing endorsement of the DoD 5015.2 standard in 2022 in favor of the Universal Electronic Records Management (ERM) Requirements developed through the Federal Electronic Records Modernization Initiative (FERMI). The shift reflects a move toward functional, technology-neutral requirements, which fits messaging well: the goal is to capture, retain, and produce content reliably, not to mandate a particular tool. International standards for records in digital environments offer complementary, format-agnostic guidance.
Legal Hold, Discovery, and Access
Mobile messages are routinely sought in litigation, investigations, and public-records requests, and courts increasingly expect organizations to preserve and produce them. Under the Federal Rules of Civil Procedure, electronically stored information includes text and chat, and the duty to preserve attaches when litigation is reasonably anticipated. The rules also address consequences when discoverable information is lost because reasonable steps to preserve it were not taken. Because messaging is so easily and automatically deleted, it is a frequent flashpoint for spoliation disputes, and a program that cannot suspend auto-deletion or collect from devices when a hold issues is exposed.
For public bodies, access regimes such as the Freedom of Information Act reach records regardless of format, including text messages about agency business, even when those messages reside on personal accounts or devices. A defensible posture therefore requires that business messaging be discoverable and searchable: the organization must be able to locate responsive messages, place them on hold, and produce them. This argues strongly for keeping business communications on governed channels and against tolerating personal-device or ephemeral messaging for substantive matters.
Building a Defensible Program
A mature approach treats mobile messaging as an integrated part of the information governance program rather than an exception to it. That means a written policy tied to the records schedule; approved, captureable channels; technical controls that disable ephemerality and enforce retention; clear user duties reinforced by training; and the operational ability to apply legal holds and respond to discovery and access requests. None of this requires a particular vendor. It requires deciding, in advance, that the convenience of informal messaging will not be allowed to defeat the organization’s recordkeeping, transparency, and accountability obligations. For related guidance on governing electronic communications, see the email and messaging topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Records management policy and guidance — National Archives (NARA)
- Federal Rules of Civil Procedure — U.S. Courts
- FOIA frequently asked questions — FOIA.gov / U.S. DOJ
How to cite this page
APA
RM University Editorial Team. (2026). Mobile Messaging and Recordkeeping Policy. Records Management University. https://www.recordsmgmt.org/articles/mobile-messaging-and-recordkeeping-policy/
MLA
RM University Editorial Team. "Mobile Messaging and Recordkeeping Policy." Records Management University, 16 June 2026, www.recordsmgmt.org/articles/mobile-messaging-and-recordkeeping-policy/.