Kieran Poynter, who conducted the review on behalf of the government, is Chairman of PricewaterhouseCoopers' UK operation.

According to Chancellor of the Exchequer, Alistair Darling, commenting last week:

"Kieran Poynter's report is in two parts. The first deals with the circumstances giving rise to the loss. The second part deals with his wider findings and recommendations.

Darling continued:

"He found that in March, because the HMRC staff involved then were unaware of the relevant guidance, which in itself lacked clarity, they did not escalate the request to the appropriate level of seniority before releasing data to the NAO."

"As a result, no senior HMRC official was asked to permit the NAO to take the data off-site to conduct its analysis and no such official knew that this was envisaged...Mr Poynter has concluded that these events in March last year then created a precedent which allowed a similar transfer to take place in October without the appropriate level of authorisation or adequate consideration of the security risks of releasing such a large amount of personal information."

"He says that senior managers were unaware that the data had been moved from HMRC premises in March and October until the loss of data was subsequently reported to them."

"He concludes that the data loss incident arose following a sequence of communications failures between junior HMRC officials and between them and the National Audit Office."

"However, he finds that the loss was entirely avoidable and the fact that it could have happened points to serious institutional deficiencies at HMRC. Firstly, information security simply was not the management priority it should have been. And secondly, management structures and governance were unnecessarily complex and did not establish clear lines of accountability."

"Moreover, he points to a lack of clarity in communications and the failure to involve senior HMRC staff as being contributing factors in both cases. Mr Poynter makes clear in his report that both these failings have now been addressed."

In all, the Poynter Review made 45 recommendations, all of which have been accepted.

Darling further observed that:

"HMRC has made good progress on 39 of the recommendations including 13, which have been fully implemented. Work is continuing on the remaining recommendations."

Responding to the publication of the review, the HMRC acting chief, Dave Hartnett, wrote to the Financial Secretary to the Treasury (FST), Jane Kennedy.

In the letter, he announced that:

"HMRC is absolutely committed to delivering all of their recommendations and to ensuring data security remains an explicit priority in the future.Since the incident HMRC has significantly strengthened data security."

"While the IPCC found no evidence whatsoever of misconduct or criminality by any member of HMRC, the two reports make it clear that the data loss was avoidable and a result of serious failings within HMRC. In short, it should never have happened."

"Immediately following the data loss, both HMRC and the police carried out extensive searches in an attempt to locate the missing data. While the data has not been found I can confirm that there is no evidence of any fraudulent activity as a result of this loss."

The review was also recently welcomed by the Chartered Institute of Taxation (CIOT).

Nick Goulding, CIOT President, commented:

“It is refreshing to read a report about a disaster with so many positive suggestions for the future. HMRC and their Acting Chairman are to be congratulated for having reacted so swiftly to put new protections in place. The same momentum applied to many of the other Poynter recommendations stands a good chance of restoring HMRC’s reputation."

Tax agents are identified in the Report as important to take forward certain key initiatives that are suggested.

Welcoming the recommendation that agents should be at the leading edge of new developments, CIOT said that better systems will enable advisers to drive down costs for the benefit of clients and HMRC.

The CIOT intends to meet with HMRC in order to discuss how the identified improvements can be achieved.