SURVIVORS of church-based abuse have spoken of “not having any trust left” after two data breaches this week by bodies appointed to carry forward the C of E’s work on safeguarding.
All those involved in the data breaches have been contacted, and in neither case is the Information Commissioner’s Office taking further action.
The first data breach occurred on Monday, and involved the Future Church Safeguarding Programme run by Professor Alexis Jay (News, 20 July).
The second happened on Thursday, and involved the details of a survivor waiting for an independent review overseen by the recently appointed commissioner of reviews, Kevin Crompton (News, 15 September).
On Monday, information about 11 people due to be interviewed as part of the process of recommending the future shape of Church of England safeguarding was accidentally sent to one of the participants, a survivor called Chris.
Speaking to the Church Times, Chris said that the impact of a data breach lay in how it damaged trust in a body that was supposed to be working out how to rebuild trust. “Our abuse was a gross breach of trust,” he said; and so data breaches of this sort amounted to a “repeated breach of trust”.
“It’s continual re-abuse that, sadly, we kind of expect from a sadistic Church,” he said.
The document contained logistical details about the interviews, as well as a brief summary of who the person was. Some were survivors of abuse, while others were church employees or volunteers. It did not contain contact information for any of the participants.
Chris said that, in light of the data breach, he now felt that that he had to redact documents that he intended to submit to Professor Jay’s inquiry on behalf of the Anglican Survivors Group, as he felt unable to trust that the data contained would be secure.
A spokesperson for the FCSP said that those named in the document had been informed, and had been offered an apology, after the breach.
“An offer of support is in place to those affected, and the incident has been reported to the Information Commissioner’s Office,” the spokesperson said. “We take our responsibility to keep information safe extremely seriously and have reviewed our procedures to ensure this cannot happen again.”
The second breach occurred on Thursday, when a survivor engaging with the new commissioner of reviews was informed that an email meant for her had accidentally been sent to a different survivor.
The person affected, who did not want to be named, told the Church Times that learning of the breach had been a “body blow”, despite the fact that the breach did not contain sensitive information.
“They’ve apologised, and I appreciate this, and I appreciate that errors happen, but how can you trust anything when every time that there’s a door open, something happens and the door shuts again? I haven’t got any trust left,” the survivor said.
Mr Crompton was appointed to oversee the commissioning of independent reviews for survivors who had been waiting for them under the Independent Safeguarding Board before it was disbanded in the summer (News, 21 June).
On Friday afternoon, Mr Crompton said in a statement: “An email was sent on the morning of 12th October 2023 to the wrong recipient. This was spotted immediately, and the recipient was contacted within minutes to ask them to delete the email. The email was a short update on the progress of setting up a review and did not contain full names or emails of the intended recipients or sensitive data.
“The intended recipients were contacted to inform them of what happened. I have completed the ICO self-assessment tool and sought independent legal advice and can confirm that the advice is that it is unlikely to result in a risk to the individual and is therefore not reportable to the ICO. This was a genuine error that I regret. I have personally apologised to those involved.”
A Church of England spokesperson said: “The Church takes any data breach very seriously, particularly relating to survivors being mindful of the impact any such a breach has. We have been in contact with the Future of Church Safeguarding Programme and been assured this incident was spotted very quickly, it has been reported to the Information Commissioner’s Office with no further action required, and support is in place for the survivor.
“We have also been alerted to a breach by the new interim commissioner of independent reviews and while we have been informed it is not considered reportable we have been assured that action was taken immediately and the survivor has been contacted.”
Although the work of Professor Jay and Mr Crompton is being conducted independently of the Church of England, they were appointed at the instigation of the Archbishops’ Council, and both survivors suggested that a degree of responsibility for the breaches lay with the Church.
“They’re overseeing this: it’s their responsibility,” Chris said, suggesting that “due diligence” should have been done.
The other survivor agreed: “It did make me question whether this has been set up properly.”
Read more on this story in this week’s Letters