In November 2023, the Queensland Parliament passed the Public Records Act 2023, a sweeping update to modernise record-keeping across Queensland public authorities. All provisions commenced on 5 December 2024, with a key milestone in mid-2025 when mandatory standards begin to kick in.
- Timeline at a Glance
| Date | Milestone |
| 5 Dec 2024 | Act commenced; updated Records Governance Policy in effect |
| Mid-2025 | Queensland State Archives (QSA) to issue first mandatory standard (“Create & Keep”), consultation and training with agencies |
| Late-2025 to 2026 | Additional standards and compliance obligations transition |
| 2026 | Agencies should understand their record-keeping responsibilities, integrate the policy framework and adopt the mandatory standards |
| 2026 onwards | QSA will actively audit agencies, issue Protection Notices, investigate offences |
Why This Matters
The Public Records Act 2023 isn’t just a legislative update; it’s a fundamental shift in how Queensland government agencies manage information. Under this new framework, the State Archivist has been granted significant powers. They can now audit agencies, investigate compliance issues, restrict access to sensitive records, and even halt the disposal of documents deemed at risk. This level of oversight means agencies must be proactive, not reactive.
Equally important is the Act’s emphasis on cultural protection. Agencies are now required to apply strict rules for handling restricted and culturally sensitive First Nations records. Extended access controls and respectful management practices are no longer optional, they’re mandated. This change reflects a broader commitment to safeguarding cultural heritage and ensuring inclusivity in recordkeeping.
The stakes are high, unlawfully destroying or disposing of public records is now a punishable offence. Offences are firstly managed through the State Archivists powers and secondly through referral to the Crime and Corruption Commission, potentially carrying serious legal and reputational consequences. Compliance isn’t just about ticking boxes; it’s about avoiding penalties and maintaining public trust.
Transparency is a cornerstone of the Act, with agencies required to respond to restricted access requests within 35 days, and there’s a formal dispute resolution process in place. Delays or failures to comply could put your organization under scrutiny and erode confidence in your governance practices.
Risks & Challenges
The changes in the act bring significant obligations, with risks and challenges that agencies need to understand. I’ve already outlined some of the consequences of non-compliance it goes far beyond just paperwork there are real enforceable consequences.
Operational strain is another major concern not just for a records administrator but end users as well, many agencies are still relying on outdated systems that simply can’t scale to meet the Queensland State Archives’ new standards. Those legacy systems require manual processes introducing risks and burdening end users leading to human error, lost time for end users managing the process, low compliance, then subsequent corrective measures by records administrators equating to more lost time. Ideally agencies should work in the modern platforms and their records solution should manage the compliance in the background.
Cultural missteps pose a different kind of challenge. Mishandling culturally sensitive First Nations records can cause real harm to communities and erode relationships that take years to build. Compliance here isn’t just about ticking boxes, it’s about respect and responsibility.
Then there’s disaster vulnerability. Queensland is no stranger to floods and other natural events, and the Act requires agencies to notify QSA when records are at risk. Failing to do so could result in permanent data loss and regulatory breaches.
Finally, inefficient legacy systems make everything harder. A lot of agencies are leveraging modern platforms (like M365) but still store compliant content in the legacy systems. Ideally agencies should work in the modern platforms and their records solution should manage the compliance in the background. With GenAI evolving and I personally use it daily, records should scale and offer automating retention schedules. Without lifecycle automation, agencies face mounting complexity and higher costs, leaving them exposed when compliance deadlines hit.
Where Agencies Should Be Now
If you’re a Queensland government agency, the clock is ticking and now is the time to act. The first step should be a gap analysis, reviewing your current retention schedules, and confirming you have clear visibility into how records are created, stored, and disposed of.
Policies and procedures need to reflect the new definitions and obligations under the Act. If they haven’t already been updated this is a priority, this may also require technology planning to confirm how they will be met. Legacy systems will leave agencies at risk under the new regime. Agencies should be evaluating solutions that integrate with modern platforms like SharePoint Online and move towards automated lifecycle management. The solutions don’t just de-risk compliance but make it easier and allowing for faster responses to requests and audits when they undoubtedly happen.
Staff engagement and training should also be high on your list, ensuring everyone understands what’s changing and why. If you’ve moved to modern platforms already and just need to add automated lifecycle management, the training could be minimal, potentially close to zero outside of the records team.
Last but not least, stay engaged, Queensland State Archives has releasing guidance and training. Participating in any future consultations will help you stay ahead and avoid surprises when audits begin.
How Insentra Can Help
Insentra offers specialist consulting to help government agencies meet compliance by:
- Implementing SharePoint including integration with AvePoint Opus where required
- Automates record creation, retention, and disposal processes
- Provides dashboards aligned with the determined business schema
- Information Architecture & Security Expertise
- Architecting your SharePoint environment for optimal control and compliance
- Structuring metadata and permissions to support sensitive and restricted records
- Strengthening information security to protect against unauthorised access and data leaks
- Governance & Change Management
- Policy updates and rollout planning
Other Related Content:
- What is Information Architecture and Why Do You Need It?: This article explains the importance of information architecture, particularly in the context of Microsoft 365 and SharePoint Online
- Information Architecture – Part 2: How Should We Go About Defining One?: This article provides insights into creating an effective information architecture for Microsoft 365 and SharePoint Online
- Information Architecture – Part 3: Supporting User Adoption: This article discusses the foundational elements required for a detailed information architecture plan and how to support user adoption
- SharePoint: The Ultimate Guide: This eBook provides a comprehensive guide to SharePoint, covering its features, benefits, best practices for migration, and tips for structuring your SharePoint environment for maximum efficiency and usability
- Discover SharePoint Syntex: Revolutionise Document Management: This article explores SharePoint Syntex, an AI-powered solution for efficient document management, and its benefits, setup steps, and use cases.
Next Steps
Book a free consultation with our team to develop your roadmap.
If you are ready to improve compliance, strengthen governance and modernise your records environment, we would be pleased to support you.
Contact us today to discuss your needs and take the next step with confidence.
