There is a government site all about contact point here:
It contains "ContactPoint Security: Deloitte's independent review
This link contains documents about the scope, findings and Government response to the Deloitte review."
The link itself says "The contents of this page have been removed and the latest information is available from the ContactPoint page."
So we have a ciruclar reference, and no independent security report. Google cache to the rescue:
or for short
And what do these documents that seem to have been hidden from public view say?
Well the last paragraph of the executive summary says:
"While the ContactPoint team can design strong controls into the system and provide good advice to connecting organisations, there is a limit to their ability to enforce good practice or to monitor incidents and control breakdowns. We recommend that the DCSF participate in government-wide security initiatives to maintain and enhance roles, responsibilities and accountability for the security of systems such as ContactPoint that extend across multiple Departments and other organisations. These initiatives could help to define methods for effective sanctions for non-compliance or incidents."
Or to paraphrase: "We could loose bucketloads of data and never know".