It’s one of many clearest guidelines in knowledge safety: when somebody makes a topic entry request, you reply. You don’t block, erase, or conceal the information. But that’s precisely what a Yorkshire care house director did, and now he’s been fined.
The Info Commissioner’s Workplace (ICO) has efficiently prosecuted a care house director who refused to reply to a topic entry request (SAR).
Jason Blake, 56, of Bridlington Lodge Care Dwelling in Yorkshire, was discovered responsible of blocking, erasing, or concealing private information between April and Might 2023 with a view to stop disclosure. The request had been made by a resident’s daughter, who held lasting energy of lawyer.
A glance contained in the case
The private info requested included incident experiences, CCTV footage, and care notes referring to the resident. Slightly than comply, Mr Blake ignored the request, supplied no justification to the ICO, and even tried to cancel his registration as a knowledge controller.
At Beverley Magistrates’ Court docket on 3 September 2025, Blake was fined £1,100 and ordered to pay £5,440 in prices after being discovered responsible beneath Part 173 of the Knowledge Safety Act 2018.
The ICO’s Head of Investigations, Andy Curry, emphasised:
“Topic entry requests [are] a basic proper…By ignoring this request and refusing to offer any rationalization, Mr Blake believed he was above the regulation.”
Why this case issues
SARs are one of many cornerstones of UK knowledge safety regulation. Each particular person has the proper to know whether or not their private knowledge is getting used, how it’s getting used, and to acquire a duplicate of that knowledge. Organisations should reply inside one month (extendable to 3 in advanced instances). Altering, concealing, or deleting info with intent to keep away from disclosure is a prison offence.
On this case, the request was made beneath a long-lasting energy of lawyer. It’s true that POAs can typically increase advanced points, however the regulation gives methods to deal with these issues. If Mr Blake had doubts, he might have sought clarification or challenged the request by correct channels. As an alternative, he gave no rationalization in any respect and selected to hide information, which is indefensible.
This case is a reminder that:
- No organisation is exempt: knowledge safety applies to all sectors, together with care properties.
- Powers of lawyer are legitimate: until challenged by applicable authorized channels, SARs made beneath PoA should be honoured.
- Coaching and procedures are crucial: mishandling a SAR is each a compliance and reputational threat.
Jason Blake has now given each compliance coach an unlucky however precious case research. His poor judgement demonstrates how shortly a easy SAR can escalate right into a prison prosecution. For organisations, the lesson is evident: guarantee employees know their obligations beneath the Knowledge Safety Act and GDPR, and put sturdy procedures in place to deal with requests lawfully and responsibly.
Our UK GDPR and Knowledge (Use and Entry) Act 2025 (DUAA) programs robotically align with the UK’s evolving knowledge safety rules, so you’ll at all times have the newest coaching. Study by interactive and interesting programs on learn how to maintain knowledge secure and strategy knowledge safety based mostly on job function and threat publicity.
