Published: 29 August 2025
By: Kieron JH – The Reasonable Adjustment
During live legal correspondence surrounding a data breach and overdue Subject Access Request, an IPS Pharma staff member viewed my LinkedIn profile at 03:27am on 29 August 2025. Not subtle, and not smart.
At best, this is an ill-judged personal curiosity. At worst, it reflects a coordinated attempt by IPS to assess the digital footprint of a patient actively engaged in lawful pre-action correspondence. Either way, the optics are appalling.
IPS Pharma and their solicitor at NPA Insurance have now been asked to confirm:
- Whether the view was authorised or personal;
- Whether IPS maintains a policy for reviewing the online presence of complainants;
- What lawful basis (if any) they rely on to conduct such activity during an active GDPR dispute.
This isn’t drama. It’s due process. And it speaks volumes when a pharmacy accused of breaching data protection rules follows up by checking the LinkedIn profile of the person raising the alarm – in the early hours of the morning.
If you work in healthcare, data protection, or regulation, we invite you to consider:
What would your DPO say if a staff member did this during a pre-action protocol?
We believe in transparency. We believe in accountability. And we believe the public deserves to know how supposedly compliant data controllers behave when nobody’s watching.
💡 Want to help us hold institutions to account? Visit our homepage or follow us for future updates.
Be First to Comment