Kennedys has apologised and launched an internal investigation after a data leak relating to its administration of the Church of England’s redress scheme for abuse victims.
The leak happened on Tuesday evening when the firm sent an email to 194 individuals and law firms that had registered to receive updates about the scheme, which was approved by the Church of England's General Synod in July.
“Due to human error, the email displayed the email addresses, making them visible to all recipients,” the firm said in a statement. “No further personal details of individuals were shared. Attempts to recall the message were only partially successful.”
In a statement, the UK firm said it was “deeply sorry for the hurt and concern caused to everyone affected” by what it described as a “significant error” for which it “accepts full responsibility”.
It has reported the incident to the Charity Commission, the Information Commissioner’s Office and the Solicitors Regulation Authority.
Kennedys was appointed as the independent administrator of the scheme in March 2024 after a competitive tender which, according to a Church of England press release issued at the time, saw it unanimously chosen by the project team, which included abuse victims.
Kennedys’ specialist liability team, which is led by Sheffield office managing partner Helen Snowball, was identified as having the “necessary experience and expertise” to “gain the confidence and trust of survivors”.
Once up and running, the scheme will offer victims of abuse financial awards, as well as other forms of redress, including “apologies, acknowledgement of wrongdoing and access to therapeutic and emotional support”.
In response to the data leak, the Church of England said it was “profoundly concerned” by the breach and recognised the “distress this has caused, particularly for survivors who trusted the scheme to handle their information with care and confidentiality”.
“This should not have happened,” its statement said. “We will continue to monitor the situation closely and support efforts to restore trust and confidence.”
Speaking to Channel 4 News, abuse victim Mark Stibbe, who was among those affected by the data breach, said: “I’m not after one person in a law firm being sacked, because it could be that that person is a junior admin member of staff and that that person hasn’t been properly trained or properly briefed.
“So it would be unfair to just simply, without proper information, target that person. But I do think there are questions to be asked of the Church of England because it keeps getting it wrong.”
Email your news and story ideas to: [email protected]
