Skip to main content
Hafan

Care home director found guilty of ignoring request for personal information

  • Date 4 September 2025
  • Type News

The director of a care home in Bridlington, Yorkshire, has been fined for refusing to respond to a request for a resident’s personal information – known as a subject access request (SAR).  

In April 2023, a woman requested personal information about her father from Bridlington Lodge Care Home.   

Jason Blake, 56, was found to have blocked, erased, or concealed records held by Bridlington Lodge Care Home between 12 April and 12 May 2023 to prevent this information being disclosed.    

Under data protection law, people have the legal right to ask an organisation if it is using or storing their personal information and receive a copy of any personal information held.  

In this case, the daughter had the authority to request this information on her father’s behalf due to a lasting power of attorney. The personal information requested included incident reports, copies of CCTV footage and notes relating to her father’s care.  

After Mr Blake refused to respond to the request, a complaint was made to us. During our investigation, Mr Blake did not provide any explanation about why his organisation would not respond to the SAR.  

Mr Blake appeared at Beverley Magistrates Court on Wednesday 3 September 2025 where he was ordered to pay a fine of £1,100 and additional costs of £5,440 after being found guilty.  

Andy Curry, Head of Investigations at the ICO, said:

“We describe subject access requests as a fundamental right. This is because it helps people understand how and why organisations are using their information. This family put their trust in Bridlington Lodge Care Home to look after their father, and they had a right to receive information about his care.    

“By ignoring this request for personal information and refusing to provide any explanation, Mr Blake believed he was above the law. Not only did he dismiss the family’s request, he also tried to avoid scrutiny by asking the ICO to cancel his registration.  

“I hope this successful prosecution reminds all organisations that data protection applies to everyone, and subject access requests must be handled lawfully and responsibly.”    

All organisations must respond to a SAR within one month of receipt of the request, which can sometimes be extended to three months.  

It is a criminal offence for organisations to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure under Section 173 of the Data Protection Act.  

Notes for editors
  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.  
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.   
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.   
  4. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.