Accountancy Age blog: Accountancy Matters with Damian Wild

'The biggest breach of information security ever'. What next?

The loss of two computer discs holding the personal details of every family in the UK with a child under 16 should be inconceivable. Even typing those words makes it sound like a work of fiction. But as we all know it's happened and is receiving blanket coverage on the evening news.

A head has rolled already, that of Paul Gray, chairman of HMRC. Though well liked by the profession, he is right to go - this is a lapse so serious that it is important for someone to take responsibility. Other former senior HMRC officials we spoke to today winced at the news - 'there but for the grace of God' was the substance of their response.

The massive security lapse begs so many questions:

1) Why weren't HMRC's security policies properly policed? No private sector organisation of HMRC's size and influence would allow this to happen. Systems would be tight enough to allow for no human error or misinterpretation.

2) Will Paul Gray be receiving a pay-off?

3) What will happen to the 'junior official' who copied the data to disc?

4) At the risk of repeating number one, why the hell was he able to do so?

5) Blogger Ian Dale is reporting tonight that ministers have been warned recently of similar cases. We know of at least two other significant breaches of HMRC security in recent months. Have there been other cases of information being downloaded to disc or sent to the wrong person or lost? If so, that could make it a case where ministerial accountability is rightly sought.

Perhaps most significantly, with banks receiving several days' notice of the breach it is impressive that the story did not leak. And that perhaps highlights the significance of this woeful tale. It is in everyone's interests that the systems that allow taxpayers and state, customers and companies to interact are watertight. And are seen to be so.

This failure is not just one of perception, but one of reality. And it couldn't have come at a worse time. A lack of trust has held back the government's efforts to persuade citizens to conduct business with central and local government online, though it was a battle that was being won. Until now. Though the issue here is different, it will do the government's battered reputation for competence in technology management no good at all.

Similarly, with the run on Northern Rock affecting the man on the street's confidence in the banking system, a warning to customers to change passwords if they are using their children's names or birth dates will only do further damage.

It really is a sorry state of affairs. More doubt tomorrow and in the days ahead. Will HMRC director-general Dave Hartnett be confirmed as acting chairman? And does PwC chief Kieron Poynter's review of HMRC systems promise? 

© Incisive Media Ltd. 2008