THE data security of abuse survivors has been breached by Kennedys Law LLP, the law firm responsible for administering the Church of England’s Redress Scheme.
A statement from Church House on Wednesday said: “We have been made aware of a deeply regrettable data incident involving the independent Redress Scheme administered by Kennedys Law LLP.
“This incident resulted in the unintended disclosure by Kennedys Law of email addresses belonging to individuals who had registered for updates on the Redress Scheme. . . We recognise the distress this has caused, particularly for survivors who trusted the scheme to handle their information with care and confidentiality.
“While the Church of England is not the data controller for the Redress Scheme and does not hold or manage the data in question, we are nonetheless profoundly concerned. We are in discussions with Kennedys to understand how this breach occurred and to ensure robust steps are taken to prevent anything similar from happening again.”
Kennedys had taken full responsibility for the incident, the statement said, and had reported the breach to the Information Commissioner’s Office.
It concluded: “This should not have happened. We will continue to monitor the situation closely and support efforts to restore trust and confidence.”
A statement issued by Kennedys on Wednesday said that a message had been sent to 194 individuals and law firms on Tuesday evening. The firm was “deeply sorry for the hurt and concern caused to everyone affected by this significant error and accepts full responsibility”. A full internal investigation was announced.
An email sent by the NST on Wednesday to individuals affected said: “We understand the discomfort, anxiety, and uncertainty this data breach will cause for many victims, survivors, and their families — whether you were directly impacted or not. Please know that you are not alone.” It provided details of sources of support, including Safe Spaces.
Kennedys, an international law firm, was announced as the administrator of the Redress Scheme in March 2024 — a move described as a “significant step towards our goal of offering redress to survivors and victims of church-related abuse” (News, 28 March 2024). Members of the Redress Survivor Working Group were involved in the selection process. The General Synod gave the scheme final approval last month. The Church Commissioners have committed £150 million to it.
A public website opened on 18 July, enabling prospective applicants to register their interest and receive advance notification of the scheme’s official opening date, once it is known. On Tuesday, one of those affected, Canon Ian Gomersall, wrote on his blog that the breach “shatters my confidence in the process”. He suggested that “inadequate confidential care is being taken, and supervision and oversight of those handling the data is also inadequate.”
Questions or concerns in relation to this data breach can be directed to: kennedysdataprotectionofficer@kennedyslaw.com
