Press "Enter" to skip to content

NPA: Legal Posturing, Zero Answers

By Kieron JH on September 27, 2025 5:27 am
Courtroom cartoon in Ace Attorney style. Kieron points and shouts “Objection” as an NPA lawyer looks on. Inset Exhibit A shows ASN 197320 access log with Teams CDN referrer and path to the IPS pharma page.
Editorial illustration for the NPA SAR refusal story. Exhibit A highlights access from NPA ASN 197320 with referrer statics.teams.cdn.office.net and a request to the IPS pharma page. Characters are illustrative only.

Last updated on December 21, 2025

National Pharmacy Association: SAR refusal, NoReply threats, and what our logs show

TL;DR The National Pharmacy Association (NPA) refused my Subject Access Request as “manifestly unfounded,” threatened defamation and harassment, and said they will not correspond further. My follow up sets out UK GDPR duties, a records hold, and direct questions they have not answered. I will publish redacted (where necessary) network evidence and keep a standing Right of Reply open.

What prompted this

On 25 September I asked NPA to comment on access to thereasonableadjustment.co.uk from the NPA corporate network and on a pattern of automated hits from cloud hosts to NPA and IPS related pages. I flagged that NPA users on the corporate ASN see a notice page and that access is logged for transparency. I also asked whether the earlier “misrepresentation” allegation issued in Ms Day’s name was signed off by someone senior, and invited a correction if anything on my site was wrong.

Redacted WAF event showing request from NPA ASN and Teams CDN referrer
Evidence excerpt: redacted Cloudflare log for an event on the IPS/NPA coverage. Ownership of the ASN is public. Individual users are not identified.
Follow up email to NPA requesting comment and clarity
Follow up requesting comment and clarity. No acknowledgement came back.

NPA’s reply from a NoReply address

NPA then responded from a generic NoReply mailbox on 26 September. They repeated their denial of my claim against their insured, accused me of harassment and defamation, demanded that I stop contacting Ms Day and remove content, and declared my SAR “manifestly unfounded.” They also said this would be their final correspondence.

NPA NoReply letter refusing SAR and threatening legal action
NPA’s NoReply letter: threats, a SAR refusal, and a refusal to correspond further.

Why SARs were served and to whom

  • IPS Pharma / Vertical Pharma Resources (VPR): I served a single, comprehensive SAR. The original statutory deadline was 24 August 2025. Ms Day later claimed my short follow up, which asked for an update and offered clarification, reset the deadline to 10 September. A hard copy response arrived on 12 September and was two to three pages with no meaningful disclosure.
  • NPA / NPA Insurance: I served one SAR because, as insurer and claims handler for your client Vertical Pharma Resources Ltd trading as IPS Pharma, NPA holds my personal data and related claim communications. You did not provide a disclosure. Instead, on 26 September 2025 you sent a NoReply letter refusing to comply on the basis that my SAR was “manifestly unfounded,” coupled with harassment and defamation threats and takedown demands.
  • Curaleaf: I served one SAR to obtain IPS related logs and communications held their side for court and evidential preservation. Curaleaf provided a timely, substantive response on a scope similar to the NPA request.

Accuracy note: After sending my rebuttal email on 25 September 2025, I issued a minor wording correction within thirty minutes to clarify “your client” in the NPA bullet above. The correction did not change the substance.

These SARs were not tactics. They were evidence gathering after the primary controller failed to disclose fully.

My response to NPA: law, evidence, and a records hold

I replied to NPA setting out duties that do not vanish because they dislike scrutiny. Highlights below. The full email is split across three pages for readers’ ease.

Page 1 of rebuttal: timeline, why SARs were filed, missed deadlines
Page 1: timelines and why the SARs were filed.
Page 2 of rebuttal: legal bases, evidence summary, publication intent
Page 2: GDPR duties, legal position, and what our evidence consists of.
Page 3 of rebuttal: specific questions, deadline, and records preservation
Page 3: direct questions, deadline, and a records preservation notice.

Key points from the rebuttal

  • SAR refusal is not justified: Article 15 UK GDPR grants a right of access. Article 12 requires controllers to facilitate that right and respond within one month. “Manifestly unfounded” is a narrow ground that must be evidenced. Refusals must signpost rights to complain to the ICO and to seek a judicial remedy under Articles 77 and 79. If the request was complex they could have taken a reasoned Article 12(3) extension. They did not.
  • Defamation and harassment threats are misplaced: Truth is a complete defence under section 2 of the Defamation Act 2013. Publication in the public interest is a defence under section 4. Honest opinion is protected under section 3 when based on stated facts. The Protection from Harassment Act 1997 requires a course of conduct that is oppressive and unacceptable. Publishing evidence, offering a Right of Reply, and serving lawful SARs on clear public interest issues does not meet that threshold.
  • Evidence we hold: Raw WAF records with timestamp, source IP, autonomous system number identifying AS197320 (National Pharmacy Association Ltd), HTTP method and path, user agent, referrer such as statics.teams.cdn.office.net, and unique event IDs. These show requests to our site from NPA’s corporate network while a workstation had Microsoft Teams resources loaded. We do not identify individuals from logs. We do identify corporate networks where ownership is clear from BGP and ASN records. We will publish redacted (where necessary) copies and preserve raw JSON and cryptographic hashes for the ICO or a court.
  • Record preservation: NPA has been asked to preserve emails, ticketing records, chats, access logs, vendor instructions, and internal notes. They have been told not to delete, overwrite, rotate, or instruct others to alter or dispose of relevant data.

The questions NPA still has not answered

  1. Confirm or deny access from the NPA corporate ASN to thereasonableadjustment.co.uk.
  2. Explain the subsequent automated requests from cloud infrastructure to NPA and IPS related pages.
  3. Confirm whether NPA or any contractor operates automated monitoring or scraping of our site and confirm compliance with our Terms of Use.
  4. State whether the “misrepresentation” allegation issued in Ms Day’s name is withdrawn or maintained, and who signed it off.
  5. Provide a named point of contact, a working reply address, and the correct Data Protection Officer details.
  6. Particularise any statement they allege is false and provide evidence.

Related coverage

On the “SRA rules” point in NPA’s letter: it likely refers to my article on solicitor conduct. To be clear, I state an opinion based on cited facts and public standards. Readers can test that opinion against the evidence shown above, in the linked pieces, and our upcoming article on the matter.

What happens next

  • I will publish redacted (where necessary), verifiable logs and keep a comprehensive evidence pack offline for regulators and the court.
  • I will escalate the SAR refusal to the ICO if NPA confirms it as final.
  • A standing Right of Reply remains open. Corrections supported by evidence will be published in full.

Note for readers: Network evidence is technical. We separate facts from inference. We do not identify individuals from access logs. We do identify corporate networks where ownership is clear from BGP and ASN records. Public screenshots are redacted (where necessary) for personal identifiers. The unredacted JSON and hashes are preserved for regulators and the court.

Published in Accountability, Articles, Autism, IPS Pharma, Kieron and Medical Cannabis

More from AccountabilityMore posts in Accountability »
More from ArticlesMore posts in Articles »
More from AutismMore posts in Autism »
More from IPS PharmaMore posts in IPS Pharma »
More from KieronMore posts in Kieron »
More from Medical CannabisMore posts in Medical Cannabis »

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *