While there is a reasonable chance that the ability to email sensitive data without encryption (or indeed to lack the ability to use encryption) was down to poor system design, there are other (equally depressing in many ways) possibilities
1) The system designer included secure email, but was overruled by
a) His boss, who had to try an deliver to the price the salesman had promised
b) The Police contract negotiator (who cut scope to save us money!)
2) The design included secure email, but it was not implemented.
a) Because it could not be delivered on time, so his boss cut scope to make it fit.
b) Because it could not be delivered on time, so the salesman cut scope...
c) Because the delivery schedule just didn't allow time to test it.
Unfortunately IT contracts are often negotiated by people who not only do not have sufficient technical knowledge to understand the details of them, but who consider 'big name' and 'lowest basic cost' to be the most important factors. Typically these people are unlikely to listen to anyone who does understand ideas such as requirements analysis, specification, design, testing, hence the large number of failed IT projects.