Bad companies love to misinterpret data protection regs. It's worth reading up on what the regs actually say, so you can point out that they're in breach of them.
In this case, Talk Talk are in breach because they're sending the customer's personal data to an email address they have been told is compromised. They have an obligation to self-report the incident to the ICO. They can't close the email address without proof, but they have to suspend mail delivery until they're sure it's private.