Camille Biros speaks during a November 2018 press conference in the Philadelphia Archdiocese. (CNS/CatholicPhilly.com/Matthew Gambino)
A clergy abuse victim who participated in the Philadelphia Archdiocese's independent compensation program for survivors is alleging that the confidentiality of nearly 50 other victims was compromised when the program administrator mistakenly sent the individual an email in 2019 with the names of participants from another diocese's program.
Since October 2016, Kenneth Feinberg and Camille Biros, national mediation experts who managed the compensation payouts to victims of the Sept. 11 attacks and the Boston Marathon bombing, have partnered with Catholic dioceses throughout the country to implement voluntary programs where victims pursue their claims outside of court.
Camille Biros speaks during a November 2018 press conference in the Philadelphia Archdiocese. (CNS/CatholicPhilly.com/Matthew Gambino)
Victims whose cases fall outside the statute of limitations are allowed to seek compensation under these programs, which often rely on a lower standard of evidence than court proceedings.
If the victim agrees to compensation, they are guaranteed that their information will remain confidential and they waive their right to pursue further litigation. Among the dioceses participating in similar programs, which are quickly becoming the standard model for handling abuse payouts, are the archdioceses of New York, Los Angeles, and Newark, New Jersey.
The Philadelphia program, known as the Independent Reconciliation and Reparations Program, was initiated in 2018 and as of this spring has had more than 600 claimants come forward. Among those participants was an individual who on Aug. 23, 2019, received an email from Biros listing the names of 47 claimants in the Pittsburgh Diocese's compensation program.
The email included the names of 45 individuals who had been deemed eligible to participate in the program and two others whose abuse was perpetrated by religious order members, not priests of the Pittsburgh Diocese.
Upon receiving the email from Biros, the participant — who has requested anonymity due to the promised confidential nature of the program — informed the Feinberg Law Group of the error but was unsatisfied with the response. The person told NCR they were not guaranteed that the victims whose identities had been disclosed would be informed of the error.
Lynn Shiner, the victim support facilitator for Philadelphia's program, confirmed to NCR that the victim reached out to her with concerns that she had been the unintended recipient of an email that compromised the identity of the victims.
Shiner said she referred the victim to Judge Lawrence Stengel, a former chief judge for the U.S. District Court for the Eastern District of Pennsylvania who served on the program's Independent Oversight Committee.
Stengel met with the victim and the victim's siblings, who were also reconciliation program participants, on Dec. 23, 2019. He told NCR that he commenced his own investigation into what had occurred.
"The concern was whether there were systemic problems with security of the names of people who made claims in the Philadelphia program," Stengel said by phone. "That's what we wanted to look into, as well as the circumstances of this communication containing names of claimants from another program."
"Camille Biros explained that she was sending an email to a team member and the address auto-populated" with the victim's name, Stengel continued. "She simply didn't catch that and it was a one-off auto-population mistake which she freely acknowledged."
Stengel said the committee was satisfied that there was not a systemic issue with the way data was being handled and that he informed the lawyers for the Philadelphia Archdiocese of the incident and the committee's conclusion.
Advertisement
In an email, Biros categorized the incident as "pure and simple human error."
"There was no detail[ed] information about these individuals and there were no attachments to the email," she said. "It was a list of potential claimants contained in the body of the email with no additional information. There was no data breach. No hacker entered our system."
Biros said the law firm's server receives regular maintenance and that the system automatically encrypts documents to prevent potential hackers from accessing the data.
The Philadelphia victim, however, said the response from Biros was too dismissive and also raised questions about whether the victim's own information as a participant in the program was secure.
"I thought that being a claimant in the Independent Reconciliation and Reparations Program would help close that chapter of my life," said the victim. "Instead, it felt like a violation. Again. There was no concern for claimants' privacy."
Further, the victim still believes that the individuals whose names were disclosed should be informed of what took place.
The Pittsburgh Diocese told NCR that it was informed by Biros of the email being sent to a mistaken recipient and relied on Biros for resolution of the matter.
"In accordance with the original agreement with the Feinberg Law Group, we do not know, nor were told, nor should we have been told the information that was mistakenly shared because of the independence of the fund," the diocese said in a statement.
Biros said she did not inform the Pittsburgh victims because "the sole recipient of the misdirected email came forward and we considered that the end of the issue."
To date, Biros said, the Feinberg Law Group has authorized payments totaling more than $451 million to more than 4,500 victims. She said the compensation programs have been "very successful and extremely well-received."
"These programs by necessity include personal information for those who participate in our programs," she said. "This unfortunate misdirecting of the email was human error and was mine alone."
[Christopher White is NCR national correspondent. His email address is cwhite@ncronline.org. Follow him on Twitter: @CWWhite212.]