Privacy where the rubber meets the road

Many months ago, as I was nearing the end of an employment contract and began to prepare for my eventual job search, I was 'head-hunted' by a small firm in Toronto.  This firm specialized in digital marketing types, agency-side and client-side, and were very friendly and personable.

Our relationship petered off when my existing contract was renewed a few months later and my job search slowed to a trickle. I would get the occasional email from them advertising opportunities they were searching to fill, as well as the odd phone call checking in, seeing if I was happy where I was, getting the update, and generally good contact management.  It was a pleasure knowing the small team, though they had yet to actually deliver any results due to my circumstances. 

Yesterday I got an email from one of the staff seeking information or recommendations for a junior position.  This was a job at half my salary range, and was not meant for me, just for me to help them do their jobs.  The problem arose when I realized that the email was not managed or Blind-Carbon-Copied to me (and what I assumed at the time were many other people), but was infact just sent with multiple recipients.

Myself and these 20+ other people (some of whom I RECOGNIZED) were now exposed to each other as recipients of the email, and as having an implied relationship with the firm, either searching or being searched.  You can't un-ring that bell.
I got a followup email (also not BCC'd) apologizing for the mishap, blaming technology, but also taking responsibility for the error.  What if my current boss was on that list?  I knew several people on the list-- should I assume they're like me, and have a legacy relationship with the firm, or should I assume they are unhappy in their job and are actively looking?  

Privacy is important in a web world, but even more so (IMHO) in a personal interaction like a job hunt.  Should I call every headhunter that's ever scraped my details from LinkedIn into their database and tell them to delete me, and never expose my information? It's not really feasible. 

The headhunting industry, recruiters, executive search all have access to equally ruin or reward someones career.  I got a follow call today, after sending them a "please delete all information you have on me, my resume, my contact information, and my email from your list."

There was a little bit of "we're really sorry this happened", but ultimately, what I took from the call was that it wasn't a big deal, BECAUSE of the way the email was worded.  They had said int he original email "help us find someone who would fit this role" or something to that effect, somehow implying that exposing my personal information was o.k. because of the words of the email.  I barely read the email.  I went through every name to see who I knew and how I knew them.  I'll bet they did the same if they're like me.

This Toronto firm, though great individuals, will not get my business in the future as a candidate nor as an employer.  You only get one shot at Privacy like this. 

Names withheld to protect privacy. LOL.