Overview

• A mass email sent late on Aug 26 by Kennedys Law listed the details of 194 people registered for updates on the independent redress scheme before being recalled minutes later.
• Kennedys Law accepted full responsibility, described the incident as human error, apologised to those affected and began contacting them directly.
• The firm reported the breach to the Information Commissioner’s Office and the Solicitors Regulation Authority, and the ICO said it is assessing the information provided.
• The Church of England said it is not the scheme’s data controller but expressed profound concern and is in discussions with Kennedys to prevent a repeat.
• Survivor advocates and lawyers condemned the breach, called for compensation and stronger independent oversight, and reported at least one formal complaint citing compromised anonymity.