As soon as I read the examples of a data breach by including addresses in to or cc I thought that's entirely the fault of people, not email as a technology, they should have sent a separate message to each person. So it's nice to see the ICO report you linked to mentions sending a separate message to each person as something the Trust failed to do. I am confused by their wording though: "The Trust failed to use an account that could send a separate e-mail to each service user." This, and subsequent mentions, make it seem like the ICO believes the ability to send the same content to multiple recipients as separate messages is a function of an email account, but seems to me that's a function of an email client.

I think a lot of problems with email could be solved by better clients. I consider clients which do not support inline replaying and do not provide signature delimiting (and automatic discarding of signatures from quoted replies) as barely fit for purpose. I’ve yet to encounter a version of Microsoft Outlook which supports either. I’ve seen Outlook users try to invent their own method of inline replying, it’s always a mess which makes me wish they had stuck to clumsy top posting plus partially re-stating the points they are responding to method.

A lot of problems with email could be solved by outlawing HTML formatted email. It aides phishing by showing people one URL and taking them to a different one. People abuse it to do ridiculous things like putting seven images in their (not delimited) signature, setting a background image on all their messages, and doing myriad things to create messages where at least part of the plain text version (if there is one) is an incomprehensible mess.