Farmers' bank details missing
CIVIL servants were last night accused of a "cover-up" after it emerged that disks used to store the bank details of thousands of farmers were lost by bungling officials five months ago.
The Rural Payments Agency, widely seen as one of the worst-performing Government organisations, realised in May that 38 back-up tapes and one CD were "unaccounted for" during routine checks.
-
Ministers were told of the loss only this week, after details were leaked by disgruntled staff.
Critics said it "beggars belief" farmers were not told about the potential threat to their personal details for months, and the National Farmers' Union said it was "horrified" by the revelations.
The disks were used to store information on farmers applying for subsidies under the disastrous single payment scheme, which was has been so badly run, it could leave the taxpayer with a £630 million bill for the shambles.
Eventually, 35 of the tapes were found, and of the four items still missing, one tape and the CD are not thought to contain "personal protected data".
However, two tapes could contain sensitive personal information belonging to thousands of farmers, including their names, addresses, bank details and their claimant payment information.
Environment Secretary Hilary Benn told the Commons the two missing tapes "potentially contained partial data in code".
"Tapes of this sort can only be read with specialist equipment and detailed technical knowledge," he said. "Furthermore, one of the two tapes was known to be faulty and had been reported as such since it could not be read."
Mr Benn said he wanted to reassure farmers "that there is no evidence that tapes are in the public domain".
A "forensic investigation" was carried out in accordance with Cabinet Office guidelines and officials concluded there was "only a low risk of any usable personal data having been lost".
The Department for Environment, Food and Rural Affairs insisted the "risk of information getting out is very low".
The loss of personal information at the RPA has echoes of HM Revenue and Customs losing the country's entire child benefit database in a catastrophic security blunder two years ago.
In that case, an official repeatedly sent password-protected disks in the post which disappeared. The civil servant then kept quiet about the problem hoping the package would "turn up".
The tapes lost by the RPA are understood to have gone missing after they were transferred from offices in Reading to Newcastle in the spring. But at no time has the agency or Defra attempted to inform farmers about the breach until it was leaked to Farmers Weekly this week.
Last night, Shadow Environment Secretary Nick Herbert said the delay in making the loss public "looks like a cover-up". He called on Mr Benn to "accept responsibility for another foul-up" by the RPA.
Amazingly, it emerged Tory MP Michael Jack, who chairs the Commons select committee probing the work of Defra, was aware of the lost information up to 24 hours before Mr Benn.
Mr Jack pointed to a recent National Audit Office investigation of the RPA which revealed it had "scant regard for protecting public money".
He asked: "When, at ministerial and senior official level, is somebody going to take responsibility for this shambolic organisation, get to grips with it and publish a report about what its future holds?"
Mr Benn accepted the RPA's history was "not a happy one" but improvements were being made.
Liberal Democrat environment spokesman Tim Farron said: "Yet again, the Government has had to own up to a potentially catastrophic loss of personal data, this time at an agency already damned by its scant regard for taxpayers' money.
"It beggars belief that civil servants took six months to inform farmers affected by this staggering loss."
NFU president Peter Kendall said: "We are horrified that the RPA cannot locate two tapes which may contain farmers' personal data.
"We want to know why this was not reported to the Secretary of State and to the industry as soon as the tapes were known to be missing. There are questions here that need answering."
19 Comments
View all
by henry blince, devon
Friday, October 30 2009, 7:15PM
“And finally, what would you have them do? There's no other way, the world would grind to a halt.”
by henry blince, devon
Friday, October 30 2009, 7:13PM
“Gary McKinnon wasn't even a particularly talented hacker. The American defense hack was down to an idiot who left the door down; that was McKinnon's argument for doing it in the first place, to show that they were wide open. They could could have kept him out if they applied themselves.
Not one single loss of personal data over the past 10 years has been because a talented hacker has broken down a robust system, which is what you seem to be arguing is not only possible but inevitable and common, it's been because someone was negligent. I've been using online banking for, I'd guess, nearly 15 years. My bank has never had one single loss of funds or personal data, not for one single customer. It is possible, it's happening. Just not in some government departments.”
by Charles Henry 1945-(diuturnity), Somersetshire
Friday, October 30 2009, 7:12PM
“:| Henry as I am given to understand; very sensitive data and programs are having to be constantly checked against perfect duplicates to make sure there has been no corruption; either intentional or accidental. .
Henry, I don't really doubt your expertise in these matters, but I think maybe we should maybe now call a truce. . Best Charles”
by Charles Henry 1945-(diuturnity), Somersetshire
Friday, October 30 2009, 6:43PM
“:| Henry which ever way you try and argue this, I'm afraid you are just plain wrong. . If people set out to infiltrate, steal, alter or just corrupt data, they will eventually succeed. . Even the American defence industry can't keep people out. . . All the 'human' copying and loss problems that you are referring to, just add to the nightmare. . This is the reason I am so implacably against ID Cards. . They just the control of the honest. . They are 21st Century manacles. .”
by henry blince, devon
Friday, October 30 2009, 6:04PM
“"Computers are fallible. . All code can be corrupted or become corrupt"
You're being disingenuous Charles. Yes, datum does occasionally become corrupt but good backup policy, redundant storage arrays to all intents and purposes makes the problem go away. Literally millions upon millions of web sites operate for decades with their datum intact. Online storage facilities safely store billions upon billions of terabytes of information for decades without loss. It's a no-brainer, digital data is fabulously safe.
But you're running off-topic Charles. Again - it's a hobby of yours, isn't it. The real issue here is personal data security, not data integrity. So, look back over the last few years where personal datum has gone missing; lost laptops on trains, posted CDs, USB sticks gone missing; ask any data security expert, he'll tell you that it's *people* that cause security breaches, not computers. It's human error, not computer error that causes data loss. A *human* made a mistake. If the *human* had left the information on the computer, or taken sensible precautions to safeguard it, the datum would still be safe.
Once again, this is about organisations not educating their employees, not putting in place and enforcing good codes of practice to ensure the safety of personal data. The Data Protection Act is very clear on this. Employees *must* put in place rigorous codes of practice designed to protect data. It looks like this may not have been done in this case but equally, it looks like an investigation is in progress and doubtless the Information Commissioner's Office will be involved. It will be interesting to see the outcome.”
by Beau, st awful
Friday, October 30 2009, 5:51PM
“Perhaps farmers are worried that we might see how much taxpayers money they get for doing nothing and that they're never as poor as they make out!!!”
by Charles Henry 1945-(diuturnity), Somersetshire
Friday, October 30 2009, 5:20PM
“:| But how do you ever see anything with your head stuck up there Henry?”
by Chris, Cornwall
Friday, October 30 2009, 4:40PM
“Touche!”
by henry blince, devon
Friday, October 30 2009, 4:31PM
“"Garbage IN¿Garbage OUT"
so I see.”
by Charles Henry 1945-(diuturnity), Somersetshire
Friday, October 30 2009, 4:30PM
“:| Well I can certainly educate you Henry, and so can Herbert Shildt. . I was writing my own company Software 25years ago.. . How's your machine code?
Computers are fallible. . All code can be corrupted or become corrupt. . Few errors are immediately visible, and nearly always compounded.
Garbage IN¿Garbage OUT
0010011100010000 ¿¿¿ 1010011100010000
The difference is 32768.
Your mouth is obviously much bigger than your brain.
You should try using it before you start accusing people of ignorance.”