Human error led to nearly 200 private email addresses linked to a redress scheme for Church of England abuse survivors being publicly disclosed.
Kennedys, a global law firm based in the U.S., has worked with the Church of England to develop the Redress Scheme for survivors of church abuse to receive financial redress, therapeutic and spiritual support.
One of the company’s partners, Helen Snowball, explained in an Aug. 28 apology statement on the firm’s website that a data breach had exposed email details of survivors signed up to the scheme.
On Aug. 26, an email update from Kennedys arrived in the inboxes of 194 individuals and other law firms registered to receive updates about the abuse redress scheme. Attempts to recall the email were only partially successful.
“Due to human error and in breach of firm standards, the email displayed the addresses of all recipients,” Snowball wrote. She apologized for the incident, acknowledging it had caused “trauma and concern” and affected trust in the scheme.
She confirmed an internal investigation had been launched to ensure it does not happen again. Kennedys is working with the Church of England and others leading the scheme to rebuild trust and support those affected.
In a Sept. 5 update on the Redress website, Snowball noted that some recipients had been contacted by others after the addresses were revealed. Guidance was shared on how to reduce or stop unwanted replies, and recipients were asked not to communicate without express permission.
Kennedys has worked with the Church of England since March 2024 as its independent scheme administrator to manage and develop the redress scheme for victims and survivors of church-related abuse. The General Synod of the Church of England approved the arrangement in July, paving the way for the scheme to open for applications.
The law firm has contacted all recipients of the email and reported the incident to the Charity Commission, the Information Commissioner’s Office and the Solicitors Regulation Authority.
The Church of England issued its own statement Aug. 27 describing the disclosure as “deeply regrettable” and recognizing the distress it caused, particularly for survivors who trusted the scheme with their information.
The Church said it does not control the data for the redress scheme but is “profoundly concerned” and is in discussions with Kennedys to ensure stronger safeguards.
The Bishop of Winchester, Rt. Rev. Philip Mounstephen, also issued an open letter, calling the breach “deeply regrettable” and recognizing the “distress and sense of betrayal” it caused. “Survivors deserve and should receive the utmost care, confidentiality, and respect,” he said.
Meanwhile, a new independent oversight board is reportedly being created to oversee the scheme, pending parliamentary approval.
