THE Information Commissioner’s Office (ICO) has upheld a third complaint of a data-breach made by a survivor against the chair of the Independent Safeguarding Board (ISB), Professor Maggie Atkinson, the Church Times has learned.
This paper also understands that, despite being informed of this, the Archbishops’ Council, who employ the ISB as independent contractors, has recently reinstated Professor Atkinson’s access to her ISB email account, against the wishes of the two other ISB board members.
The two have requested that her access be removed until they are reassured and can assure survivors that their data is safe.
There are three board members of the ISB who work part-time: the lead survivor-advocate, Jasvinder Sanghera; Steve Reeves; and the chair, Professor Atkinson. In addition, there is a communications consultant, Jeanette Bate, and a newly recruited manager who is to join next month. An administrator is still being recruited.
Last July, the Revd Graham Sawyer, a former Anglican incumbent and a survivor of clerical abuse, complained to the ICO that Professor Atkinson broke data-protection rules during their correspondence. This was upheld (News, 22 July 2022).
Within a month, an unnamed individual made a second complaint, this time to the National Church Institutions — which includes the National Safeguarding Team (NST) — about a data and confidentiality breach by Professor Atkinson, and she was asked to step back from her duties (News, 5 August 2022). This was passed on to the Charity Commission and the ICO.
In November, after 90 days, the ICO concluded that there was insufficient evidence to substantiate a criminal offence. Professor Atkinson’s access to emails was reinstated by the Archbishops’ Council, although she remained stepped back.
Last week, the Church Times learned of a third complaint against the ISB. This was made by Graham Jones, a victim of abuse by the late John Smyth. Mr Jones reported to the ICO that Professor Atkinson had emailed details of his ongoing concerns about the ISB to a third party in the NST without his permission.
The ICO ruled: “We understand Maggie Atkinson responded to your concerns acknowledging the error and had attempted to withdraw the email.
“We have considered the issues you have raised with us. Based on this information, it is our view that the ISB has not complied with its data-protection obligations.”
When the Church Times approached the remaining ISB board members for comment last week, they said that the ruling had not been disclosed to them by Professor Atkinson.
In a statement, a spokesperson said: “A data breach was recently brought to our attention by a complainant, and although it has been upheld against the ISB, it relates to the conduct of the chair, Maggie Atkinson, and not other ISB board members.
“The ISB fully recognises the importance of protecting and ensuring personal data is safe and is taking this matter extremely seriously. We also wish to confirm that Professor Maggie Atkinson, ISB chair, will remain stood aside from duty and has no access to sensitive data.”
The spokesperson said at the time that there continued to be an out-of-office on the chair’s emails and a dedicated email address which was monitored. Professor Atkinson, however, later emailed the Church Times from her ISB address. She signed off as chair with no qualifiers as to her position.
The spokesperson reiterated that Professor Atkinson had not been reinstated as chair, and said that reports of her email use were therefore concerning.
The Archbishops’ Council has not yet responded to a request for comment on Professor Atkinson’s email access.
When asked directly about her position, email access, and the third complaint against her, Professor Atkinson declined to comment.
When asked about the continuing confusion over Professor Atkinson’s position, the ISB spokesperson said that the other members of the board did not have the power to clarify matters, as the board and its members are contracted by the Archbishops’ Council, which funds the board.
A spokesperson for the Archbishops’ Council said that the ISB “was set up to provide vital scrutiny of the Church’s safeguarding work and the Archbishops’ Council remains committed to this principle and would like to thank members for their work to date.
“However, due to ongoing concerns about the current working relationships, the Council agreed at its January meeting that members should enter into a dispute-resolution process to ensure this important independent work can continue with effective collaborative working between its members. This will enable the ISB to reach decisions including on outstanding work and to provide services to the Church agreed in its contract.”
The ISB spokesperson added: “The current position with the chairperson being stood aside needs resolution, and the AC [Archbishops’ Council] are invoking a process provided for contractually. It would be inappropriate to comment further until that process has been completed.”
The most recent ICO ruling against Professor Atkinson acknowledges the “potential confusion” over the fact that the ISB is funded by the Archbishops’ Council, but is its own data controller under the data-protection framework.
The ICO states: “We understand the AC and ISB are separate data controllers and have taken steps to address any confusion both internally in regards to sharing data, and externally to complainants. As such, we will not be pursuing further action in this matter but will retain this concern on file for intelligence purposes.”
In a written answer to a question about this, put to the General Synod in November 2022, the lead safeguarding bishop, the Bishop of Rochester, Dr Jonathan Gibbs, wrote: “The ISB does not form part of the constitutional structure of the Church of England. In its initial phase (phase one) it comprises three individuals who are engaged to provide services to the Archbishops’ Council, acting not as its agents but as independent service providers at arm’s length.”
Mr Jones, the survivor who brought the third complaint, said: “I question how the ISB can have separate status as a data controller when, by the admission of the lead bishop, the ISB has no constitutional status, is not a legal entity, and comprises just three independent service providers.
“Those coming into contact with the ISB have found there are no boundaries between the ISB, National Safeguarding Team, and Archbishops’ Council. Victims just do not trust that the ISB will properly protect their data and identities, as demonstrated by yet another adverse finding. . . Victims cannot work with an organisation that they do not trust.”
The ISB spokesperson confirmed that the ISB is a separate entity with its own GDPR data controls in place, and that all ISB members have undertaken GDPR training.
Mr Jones also pointed to the recent update on church safeguarding from the NST, which is to be presented to the General Synod next week (News, 24 Janaury). “The ISB is not mentioned once,” he said. “The ISB appears to be increasingly sidelined by the Church of England.”
The ISB has not been invited to speak to the Synod next week. Instead, it plans to publish an update on its website this week.