As mentioned in today’s Opinion article, the Redress Scheme that was recently approved by General Synod has suffered from a major data breach. The Church of England has issued this statement:
Redress Scheme data breach by Kennedy’s Law LLP which is copied in full below.
We have been made aware of a deeply regrettable data incident involving the independent Redress Scheme administered by Kennedys Law LLP.
This incident resulted in the unintended disclosure by Kennedys Law of email addresses belonging to individuals who had registered for updates on the Redress Scheme.
First and foremost, our focus is on those affected. We recognise the distress this has caused, particularly for survivors who trusted the scheme to handle their information with care and confidentiality.
While the Church of England is not the data controller for the Redress Scheme and does not hold or manage the data in question, we are nonetheless profoundly concerned. We are in discussions with Kennedys to understand how this breach occurred and to ensure robust steps are taken to prevent anything similar from happening again.
Kennedys has taken full responsibility for the incident and is contacting all those affected directly to apologise and offer support. They have reported the breach to the Information Commissioner’s Office and are investigating the circumstances thoroughly.
This should not have happened. We will continue to monitor the situation closely and support efforts to restore trust and confidence.
Questions or concerns in relation to this data breach can be directed to KennedysDataProtectionOfficer@kennedyslaw.com
Finding support
If you have been impacted by this there are a number of organisations who can offer support:
Safe Spaces is a free and independent support service for anyone who has experienced abuse in relation to the Church of England, the Church in Wales, or the Catholic Church of England and Wales.
There are Safeguarding Advisers in every Church of England diocese across the country. Details can be found using our Diocesan Safeguarding Teams map which links to relevant contact information in each area.
Additional support services are listed here.
If you would like to talk to someone within the Church of England please email redress@churchofengland.org
Statement from Kennedys Law: Published 27 August 2025
Regrettably on Tuesday evening, a message was sent from law firm, Kennedys, to 194 individuals and law firms who had registered to receive updates in relation to the Church of England Redress scheme. Due to human error, the email displayed the email addresses making them visible to all recipients. No further personal details of individuals were shared. Attempts to recall the message were only partially successful.
Kennedys has been working with the Church of England since March 2024 as its independent Scheme Administrator to help it develop further and manage its National Redress Scheme for victims and survivors of Church-related abuse. This was approved by the General Synod of the Church of England in July paving the way for the scheme to open for redress applications.
Kennedys is deeply sorry for the hurt and concern caused to everyone affected by this significant error and accepts full responsibility. We have contacted everyone who received the message and have reported the incident to the Charity Commission, the Information Commissioner’s Office and the Solicitor’s Regulatory Authority. We will fully comply with any investigations.
Additionally, we have launched a full internal investigation to understand how this could have occurred and will incorporate any lessons learnt into our procedures immediately.
We understand the significant impact this will have on those affected for which we apologise unreservedly. We remain committed to supporting victims and survivors of Church of England-related abuse to secure the financial redress, therapeutic, spiritual and emotional support, acknowledgement of wrongdoing on the part of the Church, apology and other forms of bespoke redress under this scheme. Questions or concerns in relation to this data breach can be directed to KennedysDataProtectionOfficer@kennedyslaw.com
The Church of England statement has been amended to add a link to the statement from Kennedys. I have added the text of the latter to the foot of the article.
I note that Kennedys refers to the “Solicitor’s Regulatory Authority”. The correct title is “Solicitors Regulation Authority”.
Kennedys “will incorporate any lessons learnt into our procedures immediately”. So it’s not just the CofE that falls back on this language…
And this is a familiar response to this language. I am wondering what we would prefer them to be saying in situations like this?
For a start, it would be good at the end of these lessons learned exercises to be told just what lessons *were* learned. I am reminded of the ‘You said…’/‘We did…’ processes in education, showing that the ‘feedback loop’ has been closed. In the C of E, it would be valuable to see how a lesson learned from a failure in one diocese had been taken on board by other dioceses; to see that somebody was collating the ‘lessons’ and passing them on.
Makes a change that the incompetence is not directly the responsibility of the Church of England. I wonder though what values the solicitors used by the C of E claim to uphold? Confidentiality might not be one of them now…
Kennedys ‘culture and values’ herewith: https://as-s01-uks-cm-04.azurewebsites.net/media/mvijijlr/kennedys-values-booklet.pdf
What redress is available to the CofE, let alone victims and survivors?
What criteria were used by whom at CofE to recommend and make this appointment?
Surely CofE cannot ‘subcontract’ its responsibility?
This is highly regrettable and there needs to be a full investigation but I suspect this will be a clerical mistake by a very junior member of staff at the law firm.
If it was indeed a junior member of staff then the firm is perhaps at fault for not adequately supervising them. It should not be possible for one junior person to do this.
I thought I couldn’t be more disappointed with how so much of this process has been handled to date… I’ve just been in contact with a survivor, who is on the email list, about this devastating data breach. They were in such a good place earlier today, enjoying some well earned time off, then this landed. For those who already feel so betrayed by the CofE, in so many different ways, it is difficult to imagine what impact this latest breach of trust will have. It seems to me, looking from the outside, just like further abuse, to be brutally…
Don’t let’s hide behind words. Serious breach affecting the lives of many traumatised and vulnerable people. Change the solicitor. Happens all the time in the ‘real world’.
Devastating for survivors. Another deep betrayal of confidence and trust.