The tax office could have avoided the loss of 25m child benefit records on CDs by establishing a single point of contact over sensitive data transfer, claims the Poynter Review.

Kieran Poynter, chairman of PwC, catalogues a series of factors which led to the loss of data in October 2007.

These included HMRC staff being more concerned about other issues rather than information security, lack of appropriate authorisation for release of data and insecure methods of data storage.

It was noted that if the CDs had been delivered by hand rather via the TNT post service then the loss could have been prevented.

One of the key failures which Poynter highlights was the move to give the National Audit Office the data in full when they had only requested a ‘large sample’.

His comments were backed up by an Independent Police Complaints Commission inquiry which said the junior employee responsible for the loss of the CDs could not be ‘blamed’.

The government said 26 out the 45 recommendations by Poynter had already been implemented.

‘Although no organisation, public or private, can ever guarantee that it will never make a mistake, I believe the measures we are announcing today will ensure that the public can be assured we are taking the necessary measures to keep people's data secure,’ said cabinet secretary, Gus O'Donnell.

Action already taken to improve security includes stricter guidelines on the handling of sensitive personal data, 90,000 employees at HMRC being given additional security training and the encryption of 20,000 laptops at the MoD.

However, it was announced in the Commons today that Information Commissioner Richard Thomas is to serve formal enforcement notices on HMRC and MoD over 'deplorable' lapses in data security.