Wasn't refering to the Data Protection Act, but to what is defined as a data breach, as defined by the ICO.
"Releasing personal details without the express consent of the individual will be deemed a data breach". There are caviats to this, but the principle holds true for most organisations.
The DPA is purely the legislation to ensure that "Organisations which process personal data must take appropriate
measures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to personal data."
The DPA in itself does not prevent an organisation from releasing information, as you rightly say, and is often mis-quoted as the reason why something can't be done.
Its what's kept me in work for 20 years. :-)