Please see the following statement from the Church of England.
We have been made aware of a deeply regrettable data incident involving the independent Redress Scheme administered by Kennedys Law LLP.
This incident resulted in the unintended disclosure by Kennedys Law of email addresses belonging to individuals who had registered for updates on the Redress Scheme.
First and foremost, our focus is on those affected. We recognise the distress this has caused, particularly for survivors who trusted the scheme to handle their information with care and confidentiality.
While the Church of England is not the data controller for the Redress Scheme and does not hold or manage the data in question, we are nonetheless profoundly concerned. We are in discussions with Kennedys to understand how this breach occurred and to ensure robust steps are taken to prevent anything similar from happening again.
Kennedys has taken full responsibility for the incident and is contacting all those affected directly to apologise and offer support. They have reported the breach to the Information Commissioner’s Office and are investigating the circumstances thoroughly.
This should not have happened. We will continue to monitor the situation closely and support efforts to restore trust and confidence.
Questions or concerns in relation to this data breach can be directed to KennedysDataProtectionOfficer@kennedyslaw.com
Finding support
If you are in the Diocese of Norwich and you have been impacted by this, please contact the Diocesan safeguarding team safeguarding@dioceseofnorwich.org or call 01603 882345.
Alternatively, you can contact Safe Spaces; a free and independent support service for anyone who has experienced abuse in relation to the Church of England, the Church in Wales, or the Catholic Church of England and Wales.”
If you would like to talk to someone within the Church of England please email redress@churchofengland.org
APCS data breach
Some Dioceses and parishes have been contacted by APCS about a separate data breach. APCS has a processing arrangement with some Church of England parishes, dioceses and other organisations across the country to process DBS checks.
The Diocese of Norwich does not use APCS for DBS checks and so has not been affected by this data breach. We are also unaware of any parish that uses APCS.
If your parish receives an email from APCS, pleases get in touch with hello@dioceseofnorwich.org or call 01603 880853 immediately.