The Case for FOIA-Ready Public Records Management Software
Public records management is no longer simply routine administrative work for state and local agencies. It has become a frontline concern across operations, legal, and cybersecurity. As digital communications continue to expand across cloud platforms, mobile devices, collaboration tools, and social media, agencies are under increasing pressure support FOIA compliance and state public record obligations by preserving, locating, and producing records quickly and defensibly.
Public sector technology, records, legal, and compliance teams are tasked with building a scalable, defensible digital records environment that supports the Freedom of Information Act (FOIA), and the legal, audit, investigative, and transparency requirements agencies face.
Government communication habits have changed dramatically over the past decade, but many government compliance solutions and records management strategies are still far behind.
Key takeaways
- Public records management is now a frontline operational, legal, and cybersecurity concern — not just routine administrative work.
- FOIA and state open records requests are becoming harder to manage as agency communications spread across email, mobile, collaboration tools, cloud apps, and social media.
- Work-related text messages, chats, and mobile communications may qualify as public records, even when sent from personal devices.
- Agencies need centralized, defensible records management software that can capture communications, preserve metadata, support unified search, and automate retention at scale.
Why Public Records Requests Are Becoming More Difficult
The volume and complexity of public records requests continue to grow rapidly. According to the U.S. Department of Justice Office of Information Policy FY2024 FOIA Summary Report, federal agencies received approximately 1.5 million FOIA requests during Fiscal Year 2024 — a substantial increase from previous years. Agencies also processed nearly 1.5 million requests during the same reporting period, revealing government records systems are also feeling the pressure.
At the same time, agencies are managing much larger volumes of electronically stored information (ESI), including email, collaboration platforms, mobile messaging, cloud applications, and social media content.
Research highlighted in IDC’s Data Age 2025 study estimates that the global datasphere will grow to 175 zettabytes. Much of this information is unstructured data that still has to be retained, governed, searched, and produced during litigation, investigations, audits, or public records requests.
The problem is no longer simply staffing shortages or budget constraints. The larger issue is that records management technologies and governance policies were never designed to support today’s cloud-first collaboration environment.
Many organizations still rely on fragmented repositories, manual collection processes, and outdated retention workflows, resulting in significant operational inefficiencies and compliance risks.
This makes it hard for agencies to defend their processes.
When records are spread across multiple systems, devices, and cloud applications, agencies often struggle to quickly, consistently, and completely locate responsive information. Unfortunately, many organizations do not discover these gaps until they’re faced with litigation, regulatory inquiries, or high-profile public records requests.
The Expansion of Digital Communication Channels
Government communication no longer occurs exclusively through email. Employees and elected officials routinely use modern collaboration and messaging platforms such as:
- Microsoft Teams
- Slack
- Zoom
- SMS and mobile messaging applications
- Social media platforms
This shift has fundamentally changed how public records are created and stored. Records now reside across decentralized cloud environments, mobile devices, collaboration tools, and third-party applications, creating substantial governance and compliance challenges.
The National Association of State Chief Information Officers (NASCIO) continues to identify digital government modernization, cybersecurity, cloud governance, and data management as top strategic priorities for state technology leaders.
What many agencies are now discovering is that decentralized communications often create decentralized risk.
Without centralized archiving and governance capabilities, agencies may unintentionally create information silos that are difficult to search, preserve, authenticate, and produce consistently in response to public records requests or litigation.
See how secure communications support state and local agencies
Public-sector organizations face constant pressure to maintain service continuity while managing risk across departments. Learn how purpose-built solutions help state, local, and education agencies capture, govern, and protect critical communications.
Text Messages and Mobile Communications Are Public Records
Mobile communications have become a top concern for government legal and compliance teams.
Text messages, collaboration chats, and mobile messaging applications have fundamentally changed how public business is conducted. Still, many agencies lack clear governance policies and technical controls needed to manage these communications in a way that supports FOIA compliance and state public records obligations.
Courts across the United States have increasingly ruled that work-related text messages may constitute public records regardless of whether they originate from government-issued devices or personal smartphones.
Several landmark legal decisions have reinforced that the content of the communication — not the device itself — determines whether a message is subject to disclosure requirements.
The California Supreme Court decision in City of San Jose v. Superior Court established that communications related to public business conducted on private devices may still qualify as public records under the California Public Records Act.
Similar rulings in states such as Washington and Florida have reinforced the requirement for agencies to include mobile communications in good faith public records searches.
The increasing use of Bring Your Own Device (BYOD) policies further complicates compliance efforts. In practice, agencies without centralized mobile archiving capabilities often struggle to preserve records consistently or authenticate communications during litigation and investigations.
In conversations with state and local agencies over the past several years, one issue has repeatedly surfaced: many organizations still underestimate how difficult mobile communications collection can be during litigation (collection and litigation hold) or public records disputes.
This creates both legal and operational risk.
The Risks of Manual Records Management
Manual public records management processes create substantial operational, legal, and reputational exposure.
Agencies that depend on employees to manually preserve records or identify responsive communications frequently encounter:
- Incomplete collections
- Inconsistent retention practices
- Delayed response times
- Increased legal exposure
- Higher eDiscovery costs
- Missing or inaccessible records
The consequences from these public sector technology failures can be severe.
In Oregon, the City of Portland reportedly paid approximately $167,000 in legal fees and settlements related to disputes involving the retention and disclosure of text messages connected to public business.
Across the country, courts increasingly expect agencies to maintain reasonable technological capabilities for locating and producing electronically stored information. Arguments that searches are too difficult or time-consuming have become harder to defend when modern archiving and search technologies are widely available and increasingly viewed as industry best practices.
More importantly, the financial cost is often only part of the damage.
Agencies may also face:
- Reputational harm
- Increased public scrutiny
- Litigation sanctions
- Regulatory investigations
- Loss of public trust
From a public accountability standpoint, missing records can quickly become headline news.
Artificial Intelligence and Modern Records Management
Technology-Assisted Review (TAR)
Technology-Assisted Review, also known as predictive coding, uses machine learning (ML) models to identify potentially relevant documents more efficiently than traditional keyword searching alone.
TAR is already widely used in eDiscovery workflows to reduce review time, reduce false positives, improve consistency, and lower legal costs.
Automated Classification
AI-driven classification technologies can analyze content and metadata to apply retention schedules automatically based on document type, department, regulatory requirements, geography, or business function.
Intelligent Redaction
AI-powered redaction tools, including data masking and anonymization based on access privileges, can help identify personally identifiable information (PII), protected health information (PHI), financial data, and other sensitive content that require removal or masking before disclosure.
Enhanced Searchability
Natural language search and semantic indexing technologies can improve the speed and accuracy of records retrieval across large repositories of unstructured data.
However, agencies should also consider the long-term governance implications of AI systems themselves.
As public agencies increasingly rely on automated decision-making technologies, the algorithms, training data, outputs, and feedback iterations associated with those systems may themselves become discoverable records subject to public disclosure or litigation.
Transparency and explainability will become increasingly important components of future AI governance strategies.
What to Look for in Public Records Management Software
When evaluating public records management and archiving platforms, agencies should prioritize solutions designed to support defensible compliance, scalability, automation, and long-term governance.
1. Comprehensive Data Capture
Solutions should support ingestion from a broad range of communication channels:
- SMS and mobile messaging
- Collaboration platforms
- Social media
- Voice and video communications
- Cloud applications
The reality is that agencies can no longer govern only email and consider the job complete.
2. Metadata Preservation
Maintaining message metadata is essential for proving authenticity, establishing chain of custody, and supporting defensibility during litigation or investigations.
Agencies should avoid systems that rely solely on screenshots or static exports.
Critical metadata includes:
- Sender and recipient information
- Emojis and sentiment indicators
- Timestamps
- Attachments
- Edits and deletions
- Channel or conversation identifiers
Metadata is often just as important as the communication itself.
3. Unified Search and Retrieval
Centralized cloud archives that consolidate communications across multiple platforms significantly reduce the burden on IT, legal, and records teams during investigations, litigation holds, audits, or public records requests.
Without centralized search, response times and collection costs can escalate quickly.
4. Immutable Audit Trails
Defensible archiving systems should provide tamper-resistant audit logging capable of documenting:
- Record creation
- Access activity
- Retention actions
- Export history
- Administrative changes
- Access history
Together, this information helps agencies demonstrate accountability and defend the integrity of their records management processes.
5. Cloud-Native Scalability
Cloud-native archiving platforms make it easier for agencies to manage growing communication volumes without adding more infrastructure complexity.
Instead of forcing agencies to overbuild on-premises environments for peak demand, cloud-based architectures allow organizations to scale capacity dynamically as data volumes and search requirements increase.
For agencies facing long-term growth in unstructured communications, scalability is no longer optional.
Building a Defensible Governance Strategy
Many agencies discover too late that purchasing an archive does not guarantee defensible governance.
Without clear policies, employee training, executive support, legal coordination, and ongoing governance oversight, even the best archiving platform can fail during litigation, audits, or public records disputes.
Establish Clear Communication Policies
Agencies should define which communication platforms are approved for official business and ensure those channels are automatically archived and governed consistently.
Address BYOD Risks
BYOD environments require strong governance controls that can separate personal and business communications while preserving discoverable records.
Agencies should clearly define:
- Which applications may be used for official business
- How work-related communications will be archived
- Security requirements for mobile access
- Procedures for preserving records during investigations or litigation
Train Employees Annually, Retrain Regularly
Texts, chats, collaboration messages, and social media communications may all qualify as public records subject to disclosure requirements.
One of the biggest misconceptions employees still have is assuming informal communication platforms somehow fall outside public records laws.
Automate Retention Policies
Automated retention classification can help reduce human error, improve consistency, increase operational efficiency, and ensure records are retained and disposed of in a defensible manner in accordance with regulatory requirements.
Coordinate Legal, IT, and Records Teams
Effective information governance requires ongoing collaboration between:
- IT departments
- Records management teams
- Legal counsel
- Compliance officers
- Security teams
Governance failures often occur when these groups operate independently rather than collaboratively.
Public Records Compliance Is a Public Trust Issue
Compliance is ultimately about far more than responding to FOIA and public records requests.
It is about maintaining public trust, demonstrating accountability, and protecting the integrity of government operations in an increasingly digital world.
Agencies that continue to rely on fragmented repositories, manual collection processes, and outdated retention practices will face increasing operational strain, legal exposure, and reputational risk.
In contrast, organizations that invest in centralized governance, defensible archiving, and modern cloud-based records management strategies will be significantly better positioned to improve transparency, reduce compliance risk, and support long-term operational resilience.
Digital communications are expanding faster than most government policies and technologies were originally designed to handle.
Agencies that modernize now will be far better prepared for the operational, legal, and public accountability challenges ahead.
Frequently asked questions
Legacy records management systems were originally designed to manage email and paper-based records, not today’s decentralized digital communication environment. As a result, agencies that rely on fragmented or manual processes often experience delayed searches, inconsistent retention practices, incomplete collections, and increased legal exposure during FOIA and public records requests, litigation, audits, or investigations.
Yes. Courts across the United States have increasingly ruled that work-related text messages and mobile communications may qualify as public records regardless of whether they originate from government-issued devices or personal smartphones. The determining factor is the content of the communication, not the device itself. It’s important that agencies are able to preserve, search for, and produce mobile communications in response to public records requests, litigation, or investigations.
Agencies should prioritize platforms that support comprehensive data capture, metadata preservation, unified search and retrieval, immutable audit trails, defensible retention management, and cloud-native scalability. Increasingly, organizations are also evaluating AI-driven capabilities such as automated classification, predictive coding, intelligent redaction, and semantic search to improve operational efficiency and strengthen defensibility.
Share this post!
Bill is a frequent speaker at legal and information governance industry events and has authored four eBooks including Email Archiving for Dummies, Cloud Archiving for Dummies, The Bartenders Guide to eDiscovery and the Know IT All's Guide to eDiscovery. Bill has also authored 60 plus industry articles and hundreds of blogs as well as hosting 37 podcasts with industry pundits, subject matter experts, state legislators, and attorneys.
- The Case for FOIA-Ready Public Records Management Software - June 1, 2026
- Cybersecurity Threats Targeting Government Communications - May 18, 2026
- Text Message Archiving for Government Agencies - April 28, 2026
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing [email protected].
FOLLOW US