Mr Y and Tusla
From Office of the Information Commissioner (OIC)
Case number: OIC-152460-R9T8G3
Published on
From Office of the Information Commissioner (OIC)
Case number: OIC-152460-R9T8G3
Published on
On 28 June 2024, the applicant requested a copy of the Access Log from Tusla’s case management system for all employees and contractors who have accessed any information on his family. The applicant said he has good reason to suspect that there has been unauthorised access by employees.
On 28 August 2024, Tusla issued a decision granting the applicant’s request. On 30 August 2024, the applicant requested an internal review of that decision. He said his request sought a copy of an access log from the case management system (CMS) and that the only information provided was a list of names. The applicant said this is not the access log from the CMS – which gives the time/date/reason and person who accessed the file on every occasion it was accessed.
On 20 September 2024, Tusla varied its original decision. Tusla said the applicant’s request for internal review included confirmation of the time/dates/reason and names of persons who accessed files regarding his family. It said, the applicant’s initial FOI request did not specify same. Tusla said that it had released a list of all staff names and their roles who have accessed the Tusla Case Management system (TCM) regarding the applicant’s family. Tusla varied its decision and released access logs to include dates and times. It said that these have not been condensed and have been retrieved straight from the system.
On 1 October, the applicant applied to this Office for a review of Tusla’s decision. In his application for review, the applicant argued that the Access Log was not released in full. He noted that the files that were released to him originated in two different systems; an older case management system (NCCIS) and a newer system (TCM). The applicant said that the full access log for Tusla’s old system was released to him. However, he argued that the access log for the new system was not supplied, as he was only given the names of persons who accessed the files and times/dates of access. He argued that the newer system has a much more detailed access log than the old system, which includes features such as staff members looking at files having to give a reason why they access the files and what changes to the file were made by the staff member.
During the course of this review, the Investigating Officer provided the applicant with details of Tusla’s submissions outlining its position that it had provided the applicant with a full copy of its Access Log. The Investigating Officer invited the applicant to make further submissions in the matter, which he duly did.
I have now completed my review in accordance with section 22(2) of the FOI Act. In carrying out my review, I have had regard to the correspondence outlined above and to the submissions made by both parties. I have also had regard to the records at issue. I have decided to conclude this review by way of a formal, binding decision.
Tusla’s position is that it provided the applicant with a full copy of the access logs from its old and new case management system. The applicant disagrees and maintains that the Access Log contains further information that has not been provided to him.
In effect, this review is concerned with whether Tusla was justified in refusing access, under section 15(1)(a) of the FOI Act, to the additional information which the applicant claims to be part of Tusla’s Access Log.
Before dealing with the substantive matters at issue in this review, I would like to make some preliminary comments.
Firstly, section 13(4) of the Act provides that, subject to the Act, in deciding whether to grant or refuse an FOI request, any reason that the requester gives for the request and any belief or opinion of the FOI body as to the reasons for the request shall be disregarded. Thus, while certain provisions of the Act implicitly render the motive of the requester relevant, as a general rule, the actual or perceived reasons for a request must be disregarded in deciding whether to grant or refuse an access request under the FOI Act.
Secondly, it is also important to note that this Office has no remit to investigate complaints, to adjudicate on how FOI bodies perform their functions generally, or to act as an alternative dispute resolution mechanism with respect to actions taken by FOI bodies.
Section 15(1)(a) of the FOI Act provides that a request for access to a record may be refused where the record does not exist or where it cannot be found after all reasonable steps to ascertain its whereabouts have been taken. A review of an FOI body's refusal of records under section 15(1)(a) assesses whether it is justified in claiming that it has taken all reasonable steps to locate all records of relevance to a request or that the requested records do not exist. This means that I must have regard to the evidence available to the decision maker and the reasoning used by the decision maker in arriving at his/her decision. The evidence in "search" cases consists of the steps actually taken to search for records along with miscellaneous and other evidence about the record management practices of the public body on the basis of which the public body concluded that the steps taken to search for records was reasonable.
As noted above, the Investigating Officer provided the applicant with details of Tusla’s submissions and invited the applicant to make his own submissions, which he duly did.
While I do not intend to repeat details of the submissions received from both parties in full, I can confirm that I have had regard to them.
Tusla said its ICT department was contacted to retrieve records related to the request. It said Access Logs were retrieved from the two systems known as NCCIS and TCM. Tusla said the access logs were initially combined and tidied up by its ICT. Tusla said the applicant’s initial request only asked for names and roles of everyone on the log. Therefore, it said its ICT department made the list more compact by removing any duplicates of the same name. Following the applicant’s request for internal review, Tusla said its ICT department were contacted again and it supplied the full log for both its NCCIS and TCM systems, including every single iteration where a staff member accessed the family’s profile. Tusla said that what was released to the applicant following its internal review was not requested in his initial FOI request and that Tusla chose to vary its original decision and provide the applicant with further information he sought that was not initially requested.
Tusla said the full NCCIS log (which ceased in 2023) includes user (staff) name, their job role, the date of access, the type of operation, the type of record (e.g. Person’s profile or a referral), the child’s name, the child’s identifying number and the referral number if relevant. Tusla said the current TCM log (which launched in 2023) contains the user (staff) name, their role and the “execution time” when they accessed the profile.
The TCM system, Tusla said, replaced the NCCIS system in February 2023 and is a single case management system for all services. It said only staff with a legitimate business reason and within the specific area have access to family case files within that area. With regard to the logs provided to the applicant, Tusla said the NCCIS log provided a detailed overview of each time a profile was accessed while the TCM log is more streamlined.
Tusla said that from consultations with the Social Work Team Leader and the Principal Social Worker, it is established that every member of staff had a justifiable reason for accessing the profile of this family. It said, there are no individuals identified who were not justified in accessing the profiles. Tusla said that access can be for many reasons, business support staff may upload correspondence or amend profile information as needed, social work teams may upload referrals and case notes, etc. FOI and Data Protection staff may access it to retrieve files to process Subject Access Requests and Freedom of Information requests. Staff may access it to retrieve contact details for parents or other professionals, etc.
Tusla said the Principal Social Worker for the team involved with the applicant’s family was consulted with and provided a reason for each staff member accessing the logs. Tusla said this has been provided to the applicant. Tusla noted that in providing this extra detail to the applicant it resulted in the creation of a new record. It said that there was no obligation for Tusla to provide this to the applicant but as a gesture of goodwill and a wish to assist the applicant as best as possible, they arranged for the creation of same. It said this involved considerable consultation with the ICT team and also the Principal Social Worker.
The Investigating Officer sought further clarification on what Tusla considers to be the extent of its case management system and what precisely constitutes the “Access Log.” Tusla provided further information on both NCCIS and TCM. With respect to the reasons an employee may have to access a file, Tusla said that NCCIS contains “Operation” data which is the task performed by the user on the record such as read, view, update, or delete. For the TCM system, this function was said not to exist.
Tusla said the underlying TCM Access Log contains a number of data points but some of it is technical and not displayed as part of a produced report based on the data. It did say, however, that the “Servicename” data point is not used in a report but can be used to determine the exact function on the system that the user may have clicked or what specific part of the record was accessed.
Tusla went on to say that the system requires users to enter a reason for access when they attempt to access a case file that is outside of their team. Tusla said this is not required for users who are members of the team allocated to the case, which, in general, are the staff in a geographical area who are responsible for social work cases in that area. Tusla said all users who accessed the case were not required to enter a reason as they were part of the relevant geographic team area.
Tusla said the reason data is captured by the system but claimed it does not form part of the Access Log. Tusla said this data can, however, be extracted out into a report and provided if required.
In his submissions, the applicant said a Tusla complaints officer had informed him that the prompt he is seeking is available on Tusla’s case management system. He said that he had not sought an altered or edited version of records, but an original report. The applicant also questioned Tusla’s claim that all of the staff listed on the records released worked in the relevant functional area.
The applicant maintained that the TCM system produces a report, commonly known as an Access Log, which he maintains contains the details of all staff accessing the case including the reasons staff must input when the prompted to by the system. He said this is the specific report that was requested and argued that Tusla is well aware that this is the report that was requested.
The applicant also argued that Tusla officials are not entitled to restrict, massage, alter or compose alternative documents based on some of the information in this Access Log document in response to a FOI request. He said that the “data log” is required to exist regardless of the reason recorded for access and would, for example, include the default reason for local staff who have been assigned the case. He also said that he had submitted a FOI request for the file itself and the list of names provided by Tusla includes staff in the FOI/GDPR and ICT areas who assisted with processing this request. The applicant said that as they are not staff assigned to the case, they would be required to input the reason for accessing the file when processing his FOI request. He said, therefore, a data log should exist with these reasons included. He noted that there may be some difference in the vernacular used but said terms such as “data log” or “Access Log” are similar and should include the information he sought.
Based on the above, the Investigating Officer made further enquiries with Tusla. He asked what steps Tusla would need to take to generate a report containing the reason data sought by the applicant. Tusla said it made a request to its Data Management Team to run a report on the TCM database that would generate a report in excel form that includes the reason data sought by the applicant. It said this type of report is run separately from an Audit Log Report which shows which users accessed a case file. This generated a report that included the names of users who were required to input a reason to access the file and the reason given was the applicant’s FOI request. Tusla reiterated, however, that all the records provided, constitute the entirety of the records requested by the applicant.
It seems to me that this case comes down to the different interpretation that Tusla and the applicant have about the content of the Access Log sought by the applicant.
In his original request, the applicant sought a copy of“The access log from your case management system for all employees/contractors who have accessed any information on our family” . Tusla claim that it released a copy of this Access Log to the applicant. However, the applicant contends that staff who access Tusla’s case management system are required to enter the reason why they accessed the files and that this reason forms part of the Access Log. While Tusla acknowledge that the reason for access, where it is required and has been entered into the system, can be extracted from its system, it is Tusla’s position that this ‘reason for access’ information does not form part of its Access Log.
Having consider the matter carefully, I am satisfied that Tusla provided the applicant with a copy of the Access Log he requested from its case management system. While it seems to me that this matter could have been resolved had Tusla provided the applicant with a report containing the ‘reason for access’ information, even if this field is unpopulated where staff were not required to enter it, I am satisfied that Tusla was not required to do so having regard to the scope of the applicant’s original request and its ordinary understanding of what constitutes the Access Log. It is, however, open to the applicant to make a fresh request to Tusla for this information, if he wishes to do so.
Given my findings above, it is not necessary for me to consider here whether Tusla can extract this information in line with the requirement under section 17(4) of the Act to extract records or existing information held on electronic devices. However, it is worth nothing that under section 17(4), where a request relates to data contained in more than one record held on an electronic device by the FOI body concerned, the body must take reasonable steps to search for and extract the records to which the request relates. The reasonable steps are those that involve the use of any facility for electronic search or extraction that existed on the date of the request and was ordinarily used by the FOI body. Where those reasonable steps result in the creation of a new record, that record is deemed to have been created on the date of receipt of the request for the purposes of considering whether or not such a new record should be disclosed in response to the request. Should the applicant make a new request, I would expect Tusla to have due regard to section 17(4) of the Act.
In conclusion, having regard to the information before this Office, I am satisfied that Tusla was justified in refusing access to the additional information the applicant claims to be contained in its Access Log. In the circumstances, while I appreciate the applicant will be disappointed by my decision, I find that Tusla was justified in refusing access to the additional information sought by the applicant, under section 15(1)(a) of the FOI Act, on the ground that the additional information sought is not ordinarily part of the Access Log.
Having carried out a review under section 22(2) of the FOI Act, I hereby affirm Tusla’s decision under section 15(1)(a) of the FOI Act.
Section 24 of the FOI Act sets out detailed provisions for an appeal to the High Court by a party to a review, or any other person affected by the decision. In summary, such an appeal, normally on a point of law, must be initiated not later than four weeks after notice of the decision was given to the person bringing the appeal.
Richard Crowley
Investigator