The point I made was that the NHS in the form of the CCG was not, as you alleged, at fault on this point in this issue. Their actions are defensible in that once they receive the email, they can't really lawfully delete it.
The LA has a legal duty to recover costs. The window it has to do so after a CHC refusal is very short. They should wait for the CRAG questionnaire. However, it is very common for relatives to refuse to fill it in (I'm not saying you'd do such a thing but it is very, very common.) LA staff do in many cases distrust and dislike "relatives" in this situation. So poor quality low-grade (in alls senses staff) tend to try and gather information by any means possible and think they are being clever. I don't say that is right - far from it: I make my living partly by teaching people how to do their jobs lawfully in this respect and investigating when they make this kind of mess, including providing evidence for their dismissal. To me the main blame here lies with the LA in recording the information. But it is worthwhile blaming the right person(s).
In this case I would argue that the LA is in breach of the First, Second, Third (insofar as it relates to relevance) Fourth and Sixth Data Protection Principles. For convenience, they are below:
1 Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless—
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2 Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4 Personal data shall be accurate and, where necessary, kept up to date.......
6 Personal data shall be processed in accordance with the rights of data subjects under this Act.
It is harder to make a case for a DPA98 breach by the nursing home manager, especially at this distance in time. I doubt the ICO would take any action against them - they might against the LA. It's worth dropping them an email with the details - if nothing else it is a quick method of putting down a marker. You could cut and paste from your posts here.
Finally there are only limited formal legal duties on the LA (or NHS) to consult the "family" on any issue (including finance), and there will be policy restrictions on the extent to which they may or are willing to do so. It isn't the case, that I think "the family is wrong and anyone else can do as they like" but the legal reality is that the rights of third parties (relatives) are pretty limited, and there is wide latitude for the NHS, LAs and nursing/care homes, which does give them strong hands of cards in many (perhaps most) situations vs families. I don't think that's always right or always in the best interests of the individual (nor is it always in the interests of the NHS or LAs). Unfortunately making a new heaven and a new earth isn't in my gift - I can only try and how to obtain suggest rearrangements of the ones we've got.
W