Keiran Poynter cannot afford to underestimate the strength of public feeling about HMRC mismanagement of data and dsitribution. Only today Link, the UK ATM network, said that the number of people changing PIN numbers at cash machines rose by 50% in the three days following the HMRC data loss announcement. Once figures for people changing online security details are added in the spike is likely to bre even greater. After all a poll earlier this week revealed 62% of adults who receive child benefit checked their bank statements with 10% changing their passwords and 6% their PINs.

Richard Murphy argues 'the data loss dimension of this story is about as big as “Man bit dog”' as it's only 'pretty basic data' that's missing. Indeed he cites an Accountancy Age story that quotes an HMRC official as saying that the phone lines at HM Revenue & Customs were only a little busier than normal ... as the expected deluge of calls about HMRC’s loss of 25 million people’s personal data failed to materialise.

I'm not sure I agree that this is all quite so insignificant.

The queue of people ready to offer HMRC and Kieran Poynter advice on how the department should improve its data security is a long one. But I'm ready to join the line after noticing a new guide to managing the business risks of fraud on the Institute of Internal Auditors (US) web site.

Of the increasing risk IT presents to organisations it says: 'A poorly designed or inadequately controlled IT environment can expose an organization to fraud. Today's computer systems, linked by national and global networks, face a variety of threats that can result in significant financial and information losses and an ongoing threat of cyber fraud. IT risks include threats to data integrity, threats from hackers to system security, and theft of financial and sensitive business information.' [To that add inadquate policing of corporate policies.] 'Whether in the form of hacking, economic espionage, web defacement, sabotage of data, viruses, unauthorized access to data, cyber fraud can affect everyone.'

The paper offers remedy as well as diagnosis: 'To manage the ever-growing risks of operating in the information age, an organization should both know its vulnerabilities and be able to mitigate risk in a cost-effective manner. Therefore, an IT risk assessment should be incorporated into an organization's overall fraud risk assessment.'

Better get started then.

I notice Deloitte has extended the range of its flexible benefits package for staff with a timely addition. As well as the usual features (ability to purchase additional holiday, travel insurance, dental insurance, childcare vouchers, critical illness cover etc) staff can now acquire 'identity theft protection.... designed to help protect staff from becoming a victim of identity fraud, one of the country’s fastest-growing crimes.' This was presumably put in place before HMRC's slipped discs but I wonder whether take-up of this feature has been higher than usual in recent days.

(Full marks to the firm's press office for announcing the move on the day after HMRC admitted to putting 25 million identities at risk; not so much a day to bury bad news as a day to announce opportunistic news).

Once the outrage over the HMRC disk debacle subsides, attention is likely to shift to one of the more interesting aspects of the security breach: the person Alistair Darling has turned to conduct the review. After all PwC supremo Kieran Poynter isn't a natrual Whitehall insider. He has always happily left government negotiations to his colleague Peter Wyman and, before that, Roger Davies.

In terms of senior partners, hot-footing it to the Treasury or DTI (as was) to argue on behalf of the profession usually fell to KPMG's Mike Rake.

So for Poynter to be asked and to accept this role is interesting. Particularly as his term as senior partner comes to an end next summer.

The loss of two computer discs holding the personal details of every family in the UK with a child under 16 should be inconceivable. Even typing those words makes it sound like a work of fiction. But as we all know it's happened and is receiving blanket coverage on the evening news.

A head has rolled already, that of Paul Gray, chairman of HMRC. Though well liked by the profession, he is right to go - this is a lapse so serious that it is important for someone to take responsibility. Other former senior HMRC officials we spoke to today winced at the news - 'there but for the grace of God' was the substance of their response.

The massive security lapse begs so many questions:

Congratulations to all the winners of last night's Accountancy Age Awards. KPMG picked up five gongs (including Global Firm of the Year), Alex Horne won one for his work at Wembley, and Ian Dyson, finance director of Marks & Spencer's hugely impressive finance director won the coveted Blue Chip FD of the Year Award. I won't list all 27 winners (though you can see them here) but there were a couple of interesting victors in the Best Use of Internet categories, which deserve attention.

Congratulations to Dave Hartnett. The HMRC director general may not quite have won his battle against tax avoiders yet but he has won an award for his podcasts, courtesy of the Institute of Financial Accountants. It's an innovative approach to improving communication with taxpayers and was deservedly recognized.

I was surprised (and flattered) to be recognised in the same awards. Rachel Bridge of the Sunday Times and I were winners in the Business Finance Journalist of the Year in the print category, while John Humpryhs and Adrian Chiles won the radio and TV awards respectively.