When Messages Vanish: The Record Management Challenge of Ephemeral Communications

By: Tori Miller Liu, CIP on April 24th, 2025

When Messages Vanish: The Record Management Challenge of Ephemeral Communications

Information Governance | Compliance | Information Security | Intelligent Information Management (IIM)

Recent headlines have brought ephemeral messaging apps into focus for information management practitioners. With two separate incidents where U.S. Department of Defense leadership shared confidential information via disappearing message platforms, the conversation about these tools has never been more urgent.

It's timely that AIIM has just published a new white paper "When Messages Self-Destruct: The Hidden Risks of Ephemeral Communication for Information Governance" by AIIM Fellow and Award of Merit recipient John Newton that explains ephemeral communications and their impact on information management and governance.

The Increasing Use of Disappearing Messages in Government

The use of self-destructing messaging apps by government officials isn't just anecdotal. An Associated Press review across all 50 states found accounts on encrypted platforms registered to cellphone numbers for over 1,100 government workers and elected officials. This widespread adoption raises serious questions about records management and transparency.

As Newton points out in his white paper, "For leaders in government and regulated industries, the lesson is that we must evolve our practices to meet this reality, without abandoning the principles of accountability. It's not an either/or choice between using secure messaging and maintaining records – it's about finding a way to do both."

What Exactly Are Ephemeral Messaging Apps?

Jesse Wilkins, CIP and AIIM Fellow, provides a clear definition in his blog post on the topic: "As the name suggests, messages sent using these apps are very ephemeral and generally self-delete automatically, either upon being read or after some (very short) period of time. Most of these apps delete the messages from all devices automatically, but some apps allow for configurability of the delete process, for example, increasing the time to 7 days instead of immediately."

This characteristic of automatically disappearing messages creates unique challenges for information governance professionals, particularly when it comes to record-keeping requirements.

Record or Not? The Definitional Challenge

One of the most pressing questions for information professionals is fundamental: Do ephemeral communications count as official records?

Newton explains that by law and principle, most public records laws say it's the content of a communication, not the medium, that makes it a record. An official decision conveyed in a Signal message is supposed to be as much a record as if it were sent on government letterhead.

The problem is that these ephemeral apps, by their very design, challenge this principle. When messages disappear by default, organizations face significant challenges in preserving institutional memory and meeting regulatory obligations.

Conflicting Regulatory Guidance

What makes navigating this landscape particularly complex is the conflicting guidance from various government entities regarding ephemeral communications.

The U.S. Securities and Exchange Commission (SEC) has taken a strict stance, charging 16 Wall Street firms with recordkeeping failures in 2022. These firms' employees had routinely communicated about business matters using text messaging applications on their personal devices from January 2018 through September 2021. The SEC's action signals that ephemeral communications regarding business matters must be preserved.
Similarly, the Federal Trade Commission (FTC) emphasized that preservation responsibilities extend to ephemeral messaging tools. As FTC Bureau of Competition Director Henry Liu stated, "this preservation responsibility applies to new methods of collaboration and information sharing tools, even including tools that allow for messages to disappear via ephemeral messaging capabilities."
Meanwhile, the U.S. Department of Justice recommends that prosecutors evaluate "a corporation's policies and procedures governing the use of personal devices, communications platforms, and messaging applications, including ephemeral messaging applications" when assessing corporate compliance.
In contrast, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) actually encourages the use of ephemeral applications in some contexts, recognizing their security benefits. The European Union has encouraged the use of encrypted messages for security purposes.
In March 2025, Australia's Office of the Australian Information Commissioner recommended agencies develop clear policies on whether messaging apps are permitted for work purposes and conduct due diligence on the privacy implications of any apps they allow.

The Convenience vs. Compliance Balancing Act

How do you balance convenience and efficiency with compliance and transparency? This question sits at the heart of the challenge.

Newton's white paper illustrates this tension through a case study where senior U.S. officials coordinating a military operation inadvertently invited a journalist into their encrypted Signal group chat. This incident not only represented a security failure but highlighted the broader record-keeping challenge: how is institutional memory preserved when communications vanish by design?

While apps like Signal, WhatsApp, and Snapchat offer real-time collaboration advantages, they create significant blind spots in documentation. Organizations need to consider implementing proper governance frameworks that recognize the legitimate uses of these tools while ensuring important communications are preserved.

Moving Forward

As Newton suggests in his white paper, the solution isn't prohibiting these tools outright but developing proactive governance approaches that anticipate their use. This might include deploying enterprise versions of secure messaging with archiving capabilities or creating processes to capture key decisions made in ephemeral channels.

Australia's four-point recommendation framework offers a practical starting point:

Review or develop clear policies on whether messaging apps are permitted for work
Ensure policies address information management, freedom of information, privacy, and security
Examine app features needed for official work and conduct due diligence
Verify that permitted apps handle personal information appropriately

Learn More with AIIM's New White Paper

The white paper "When Messages Self-Destruct: The Hidden Risks of Ephemeral Communication for Information Governance" is available now from AIIM. For information professionals navigating this rapidly evolving landscape, it provides critical insights into balancing modern communication needs with enduring governance principles.

AIIM members are able to download a copy of the white paper in the Member Resources Library. We also encourage members to join the conversation about this white paper in our online community. Not a member? Join today.

About Tori Miller Liu, CIP

Tori Miller Liu, MBA, FASAE, CAE, CIP is the President & CEO of the Association for Intelligent Information Management. She is an experienced association executive, technology leader, speaker, and facilitator. Previously, she served as the Chief Information Officer of the American Speech-Language-Hearing Association (ASHA) and been working in association management since 2006. Tori is a current member of the ASAE Executive Management Advisory Council and AI Coalition. She is a former member of the ASAE Technology Professional Advisory Council and a former Board Member of Association Women Technology Champions. She was named a 2020 Association Trends Young & Aspiring Professional and 2021 Association Forum Forty under 40 award recipient. She is also an alumna of the ASAE NextGen program. She is a Certified Association Executive and holds an MBA from George Washington University. In 2023, Tori was named as a Fellow of the American Society of Association Executives (ASAE).