“This family put their trust in Bridlington Lodge Care Home to look after their father, and they had a right to receive information about his care”
The director of a Bridlington care home has been fined for refusing to respond to a request for a resident’s personal information. Jason Blake, 56, appeared before Beverley Magistrates Court on Wednesday, September 3.
In April 2023, a woman requested personal information about her father from Bridlington Lodge Care Home, known as a subject access request (SAR). She requested incident reports, copies of CCTV footage, and notes relating to her father’s care.
Under data protection law, people have the legal right to ask an organisation if it is using or storing their personal information and receive a copy of any personal information held. In this case, the daughter had the authority to request this information on her father’s behalf due to a lasting power of attorney.
After Mr Blake refused to respond to the request, a complaint was made to the Information Commissioner’s Office (ICO). During the ICO’s investigation, Mr Blake did not provide any explanation about why his organisation would not respond to the SAR.
When Mr Blake appeared at Beverley Magistrates Court, he was ordered to pay a fine of £1,100 and additional costs of £5,440 after being found guilty. Mr Blake was found to have blocked, erased, or concealed records held by Bridlington Lodge Care Home between 12 April and 12 May 2023 to prevent this information being disclosed.
Andy Curry, Head of Investigations at the ICO, said: “We describe subject access requests as a fundamental right. This is because it helps people understand how and why organisations are using their information.
“This family put their trust in Bridlington Lodge Care Home to look after their father, and they had a right to receive information about his care. By ignoring this request for personal information and refusing to provide any explanation, Mr Blake believed he was above the law.
“Not only did he dismiss the family’s request, he also tried to avoid scrutiny by asking the ICO to cancel his registration. I hope this successful prosecution reminds all organisations that data protection applies to everyone, and subject access requests must be handled lawfully and responsibly.”
All organisations must respond to a SAR within one month of receipt of the request, which can sometimes be extended to three months. It is a criminal offence for organisations to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure under Section 173 of the Data Protection Act.
The Information Commissioner’s Office is the UK’s independent regulator for data protection and information rights law. It upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
Concerns can be reported to the ICO by telephone on the helpline 0303 123 1113. Alternatively, people can visit ico.org.uk/concerns.
Is Hull the best place to live in Yorkshire? You can have your say by completing the poll below or by clicking here.