IM BLOG: Why Information Governance Is the Real AI Advantage
Artificial intelligence is quickly becoming part of how government and industry work, decide and serve. But one truth is becoming clearer every day - AI is only as trustworthy, useful and defensible as the data and information it relies on.
For records managers, information managers, and governance professionals, this is a pivotal moment. The AI conversation often focuses on models, tools and automation. But the real differentiator will be whether organisations can prove that their information is accurate, lawful, discoverable, secure, retained appropriately and used for the right purpose.
In other words - good AI needs good data - and good data needs good governance.
AI Amplifies Governance Risk
AI systems can summarise, classify, recommend and generate content at remarkable speed. But they can also amplify poor data quality, outdated records, weak metadata, biased datasets, and unmanaged information sprawl.
This matters because AI is not operating outside existing obligations. Privacy, records, information security, retention, access, explainability and accountability all continue to apply. The technology may be new, but the need for trusted information management is not.
For public sector agencies across Australia and New Zealand, the risk is not simply that AI might produce an incorrect answer. The bigger risk is being unable to explain the information foundation behind an AI-enabled recommendation, decision, summary or workflow.
The Legislative Environment Is Moving Fast
In Australia, the Privacy and Other Legislation Amendment Act 2024 has strengthened the privacy landscape, including new enforcement mechanisms, children’s privacy reforms and future transparency obligations relating to substantially automated decisions. These reforms reinforce the need to understand what personal information is being used, why it is being used, and how individuals are affected.
Australia has also considered AI-specific governance through proposed mandatory guardrails for high-risk AI settings. While the Government has indicated it will not proceed with those specific proposals at this time, the direction remains clear - organisations will increasingly need evidence-based accountability around AI risk, data governance, testing, human oversight and transparency.
The Australian Government’s Data and Digital Government Strategy sets a 2030 ambition for simple, secure and connected public services enabled by strong data and digital capability. Importantly, it links data and digital transformation with public trust - a connection that becomes even more important as AI becomes embedded in service delivery.
New Zealand is moving in a similar direction. The Privacy Act 2020 remains a core foundation for AI governance, while the Privacy Amendment Act 2025 introduces new transparency expectations for indirect collection of personal information from 1 May 2026. New Zealand’s national AI Strategy also takes a principles-based approach, relying on existing legal frameworks such as privacy, human rights and consumer protection to manage AI risk.
Records Are the Evidence Layer AI Depends On
For AI to be trusted, organisations must be able to answer practical questions: Where did this data come from? Was it collected lawfully? Is it current and complete? Who has accessed or changed it? What retention and disposal rules apply? Can we explain how an AI-assisted decision was made? Can we produce the record if challenged?
These are not abstract governance questions. They sit at the heart of accountability. Well-managed records provide evidence of business activity, preserve organisational memory, support rights and entitlements, and enable transparent decision-making. Without that evidence layer, AI outputs become difficult to trust, defend and improve.
This is particularly important in public sector environments where decisions can affect benefits, licences, compliance activity, investigations, health, education and access to services. In those contexts, AI must be more than clever. It must be explainable, auditable and grounded in reliable information.
Information Managers Are Moving from Back Office to Front Line
The age of AI will elevate the role of records and information managers. In my view, these professionals will become more visible, more strategic and more central to public trust.
Why? Because AI governance cannot be left solely to technologists. It requires people who understand context, provenance, classification, retention, disposal, access controls, legal holds, privacy, metadata, auditability and evidentiary value. That is the professional domain of records and information management.
In practice, records and information managers will increasingly help agencies define trusted datasets for AI use, identify information that should not be used in AI tools, establish retention rules for prompts and outputs, strengthen metadata, support privacy impact assessments, and ensure that AI-assisted decisions leave an appropriate audit trail.
This is not a diminishing profession. It is becoming a more public one. As AI becomes more visible to citizens, ministers, executives, regulators and auditors, the professionals responsible for information quality and governance will also become more visible.
The Trust Test: Can You Explain It?
The public sector standard for AI should not simply be whether a tool works. It should be whether its use can be explained, justified and trusted.
That means organisations need to know what information was used, what was excluded, what rules applied, what human oversight occurred, and what record remains. These are the foundations of responsible AI adoption - and of mature records and information management.
As AI becomes embedded in service delivery, compliance, investigations, policy, grants, regulation and citizen engagement, organisations will need more than enthusiasm. They will need defensible information foundations.
Final Thought
Good AI is not created by technology alone. It is created by trustworthy data, strong governance, clear accountability and skilled professionals who know how information should be managed over time.
For RIMPA Global members, that should be energising. The AI era of records and information management may be the profession’s most important chapter yet.
Sources
- Office of the Australian Information Commissioner - Guidance on privacy and the use of commercially available AI products
- National Archives of Australia - Information Management Standard for Australian Government
- National Archives of Australia - Information management for records created using Artificial Intelligence technologies
- Australian Government Digital Transformation Agency - Data and Digital Government Strategy
- Federal Register of Legislation - Privacy and Other Legislation Amendment Act 2024
- Australian Government Department of Industry, Science and Resources - AI mandatory guardrails consultation / National AI Plan update
- Archives New Zealand - Information and records management standard
- New Zealand Ministry of Justice - Privacy Amendment Act 2025 / IPP 3A
- MBIE New Zealand - New Zealand’s AI Strategy: Investing with confidence
- New Zealand Ministry of Justice - Algorithm Charter