FOI Man brings you a guest post from Dr Joe Reddington, a researcher at Royal Holloway, University of London, who asks where the burden of proof should lie when regulators consider appeals under FOI or FOI (Scotland).
I’m going to use this guest post to talk about something that’s been bothering me about burden of proof within Freedom of Information (FOI) Legislation. In this particular case, I’m going to use an example from the Scottish Information Commissioner (SIC).
Recently I completed a study into the supply of communication aids and, in the process, built an open-access data-set for other researchers. It was a worthwhile project that’s been (I believe) able to make a small difference in the lives of people I care about. The project required a set of FOI requests sent out to NHS services to find out what equipment they were buying to help people speak (The study report includes some thoughts about the Freedom of Information processes).
I requested information from Borders Health Board and, following some difficulties, appealed to the Office of the Scottish Information Commissioner (OSIC). This post isn’t about Borders Health Board, so we’ll say as little as possible about them throughout this post, but you do have to know that I was asking about a particular set of equipment purchased by the Speech and Language team.
Once OSIC got involved Borders sent them a breakdown of their estimated costs to justify the refusal of the request. The two relevant bits are:
Note that Borders did not appear to have to provide any supporting documentation, or any support for the estimates. I understand that the policy of OSIC is to take them at their word and I applaud that we can do this on trust.
But one item caught my eye. It takes a Grade 6 employee five hours to write a special request that returns the list of invoices paid by a department? This is a mind-boggling fact, and a particularly worrying one. If the NHS is operating systems that are so unwieldy that they it takes five hours for a highly trained user to input a simple query then the level of wastage and poor information flow in NHS departments must be shocking.
As a researcher, this interests me: because this suggests either a chronic lack of training or an almost criminal negligence on the part of the software providers. This is the sort of thing I can write up and maybe bring some evidence out to the public.
My first move is to get a response from the software manufacturer about how they could supply such appalling software to a health service.
As it happens, the people who make the accounting software were a little bemused by my questions, but quite possibly slightly spooked by the idea that a crazy researcher was going to spend the next eight months writing up academic papers on why their software was killing the NHS. So a nice man from the company kindly drafted me a testimonial, which once we take away the careful sales talk, doesn’t really match up with Borders costings:
“The [accounting system] logs all spend against a cost centre and an expense type, this effectively records a financial code against the invoice saying who (or which department) that element of the invoice is for, and classifying the expenditure type. Further levels of analysis are available in the financial coding to enable any invoice or invoice line to be recorded against additional analysis codes, which are typically used to classify project or activity type analysis.
Running a report or enquiry in the system should be almost immediate, though how long the results take to come back depends on a range of factors outside our control such as the volume of data stored and the network bandwidth. Building a simple ad-hoc report through Business Objects will usually just take a few minutes, to drag and drop the fields required onto the report.”
I asked for clarification on the actual amount of time it should take to do the job that Borders claim is five hours and got:
“I can only say how long it would take me to write the report, I’m not sure where you got the 6 hours from, The drag and drop business objects report would typically take 5-10 minutes to write, by someone trained in its use such as myself. I am including in that the physical constructing of the report, but also the time I would probably spend up front thinking about how I want to order the fields etc. In terms of running the online enquiry and exporting to Excel, I would say start to finish 1-2 minutes.”
(I’d accidently said six hours to the company rather than five, which was utterly an error on my part)
So I’m now thinking ‘Borders have got a bit confused about either how their software works or about the request: simple misunderstanding, easy to fix’, rather than ‘evil software is killing the NHS’.
I sent off the testimonial to OSIC, pointing out that the people who make the software directly contradict Borders’ time estimates.
I receive a reply and the relevant bits are:
“Unfortunately the Commissioner is unable to accept what you have written below as corroborative evidence in itself. You will need to provide something in writing from [the accounting software company] – email format would be fine.
1. Firstly, [the accounting software company] would need to confirm the name of the system, and that this system is the actual system in use by NHS Borders.
6. Does the system that NHS Borders have include the “business intelligence and ad-hoc report writer”?
It should be around another 4 weeks before your decision will be drafted so there is time for you to ask [the company] to contact me with the above information before the decision is finalised. I will get in touch with you again to let you know when that will be.”
Let’s be clear. The public body is taken at its word automatically, but if third party evidence is provided that directly contradicts it, that’s not accepted automatically, because the named person making the testimonial entirely out of the good of his heart must contact the OSIC directly. I feel this is a little unfair.
Even more irritatingly, I’ve been asked to prove that this is the software used. Let’s set aside the fact that presumably the only way to do that is to get a written statement from Borders (I rang the finance department, who were lovely and simply and easily told me on the phone), the point is that Borders don’t need to prove the name of the system when they say it takes six hours, but I do when I have an expert with a testimonial that the job takes six minutes.
I don’t really feel this is a fair burden of proof. But that’s not too bad, I’ve got four weeks warning of an imminent decision, so I’m going to ask a guy who did me a favor to do me another (and incidentally irritate one of his customers), and I’ve got a couple of weeks to get some sort of written notification that Borders are currently using the system that they say they do when you phone their switchboard. I start doing that – the FOI has been going on since 11 January 2012 so I’m not going to give up.
13 days later, I get this:
“Dear Dr Reddington,
For your information please find attached a copy of the above decision and covering letter, both of which have been posted out to you today.
It turns out, not only do the public have a much higher burden of proof to bear for a FOI request, they have strangely different deadlines. “Another four weeks and I will contact you again anyway” becomes, the “decision notice will arrive at your office for 9am before the end of the following week”.
Some choice quotes from the public decision notice:
"No direct communication" is of course the same as "forwarding direct testimonials along with the contact details of the people who made the software so you can confirm, and then when you reject this approach, also agreeing to get them to contact you directly within four weeks, which by the way still has two weeks to go".
If this is the balance of the burden of proof between members of the public and a public authority, then how can a public authority ever be ruled against by OSIC? All the public authority has to do is say it takes six hours to find the records, six hours to print them, and eight hours to review the information for 'commercial information/private details/threats to national security', whereas the public’s burden is… different.