THE Bishop of Guildford, the Rt Revd Andrew Watson, is among the bishops who have urged parishes not to let the APCS data breach deter them from the Disclosure and Barring Services (DBS) process, telling them: “Let’s not let the hackers win!”
“I was so sorry to hear about the data breach involving quite so many dioceses and other organisations around the country — and am grateful for the speedy response of our diocesan team at Church House Guildford once we became aware of it,” he said in a statement last week.
“I pray that no significant harm will come from this malicious attack, either for individuals or for our vision of a growing church at the heart of each community; and hugely appreciate the hard work of so many clergy and lay volunteers, and their willingness to go through DBS checking in our quest to become a safer Church. Let’s not let the hackers win!”
The Church Times reported last week that ten dioceses were affected by the breach, which has put hundreds of parish volunteers and workers who submitted information for DBS checks at risk of identity theft (News, 29 August).
The Guildford notice said that APCS worked with 17 dioceses. It advised parish officers to tell volunteers who may now be reluctant to undergo DBS checks that their concern was shared, but that the checking process was “a critical tool in safer recruitment and remains a requirement under the Safer Recruitment Guidance of Church of England in certain circumstances”.
The Bishop of Berwick, in Newcastle diocese, the Rt Revd Mark Wroe, said: “Our personal data is hugely precious and it is deeply concerning when our trust is undermined in this kind of way. . . Thank you to everyone dealing with this on behalf of their PCCs for your gracious and kind responses at this anxious time. My prayers are with all those who are affected, whether volunteers in parishes, postholders, or our own diocesan staff.”
The Bishop of Southwark, the Rt Revd Christopher Chessun, in an email to his diocese on Wednesday, wrote: “When such incidents occur, there is a risk that they may make people more reluctant to offer themselves for voluntary roles in the Church, or to engage with the requirements of our Safeguarding practice. That is understandable — but I would urge you not to be discouraged by this. Creating a safe and healthy culture for all of our churches is our highest priority and we mustn’t allow this setback — significant though it is — to deter us from this commitment.”
Some dioceses have reported that the National Church Institutions have advised that they do not believe it is necessary to replace driving licences or passports, as the images associated with these documents were not breached. But some of those affected by the breach have already proceeded with this step.
One member of the laity in the diocese of Oxford said that his wife had spent “hours” trying to cancel her passport and driving licence but learned that the UK Passport Office does not include a data breach as a valid reason for requiring a new passport. To record it as lost or stolen required a crime or other reference number, while ActionFraud had said that “they are only interested if fraud has actually happened”.
“As a former IT data specialist, it really annoys me that people are so lax with data,” he said.
A lay person in the diocese of Coventry said that the breach had caused deep concern in his church, including worry about “the heavy workload and responsibility this is for our volunteer non- professional parish safeguarding officers. Talk again of why this is not a professional, paid post. Many concerns, too, over parishioners that are overwhelmed with the renewing of driving licences and passports, and credit checks etc. and those that cannot afford to renew these things.” The list of who was affected remained “murky” he said.
