Wembley Police (Met) have made the same mistake
I'm on the local community list with Wembley police and they've REPEATEDLY made the same mistake.
They've sent numerous emails with all email addresses shoved into the `to' field. The first time I complained to them, they couldn't give a crap. The next time they did it, I sternly told them I was going to complain to the ICO. This made them buck up their ideas, so that now they throw all the email addresses into the BCC field, with no recipient at all in the `to' field. Often they send without a subject line as well.
This is because of 3 things:
1. The Met have not insisted that email lists are run using a proper email list manager with confidentiality and unsubscribe built in.
2. There is no formal training or policy for how emails should be handled
3. Officers are left unsupervised with access to the email system and email addresses kept as clear text in text files, ready to be copied and pasted in.
The whole thing is a joke.
One email I received from Wembley Police, which shared my email address with around 100 other recipients, was trying to encourage me to sign up to a London-wide community email list. If they couldn't keep my email address private with 100 other people in my borough, how on earth could I trust them with a list that spanned the whole of London?
"Those emailed were not members of the WYGPA, and had provided their email addresses when attending a public event and indicated they wanted to be contacted with information and news, such as the contents of this email.
No confidential information was disclosed and no other details other than the email addresses of those individuals are held by us, and these email addresses are retained solely by the WYGPA."
This smacks of total arrogance by the police, same as here in Wembley. They believe that because you gave them your email address, you don't mind it being shared with others.
I hope they don't run an email list of snitches - could be very serious.
Unbelievable that the police, including the Met, think that the Data Protection Act doesn't apply to them.