Breach? Interesting choice of words. I suppose breach of trust, but not quite what we might think of as a "breach" (e.g. the TalkTalk hack). It's not much of a breach if they deliberately give the data away!
I suspect they're going to plead innocence under the very Data Protection statement mentioned in the article:
my GP, other government departments, regulatory bodies or enforcement agencies in the course of either deciding the application or in pursuance of maintaining public safety
MetTrace (clearly branded on the leaflet) is the Met's anti-burglary programme, and they'll say they were targeting firearm owners as a high-risk group of potential burglary victims - thus a high priority for public safety projects. The Firearms Team will say they only gave it to another division of the Met for an approved purpose and didn't know it was going to be sent to a third party for the mail-outs.
Of course, the fact that the Met already have a list of every firearm on their patch including a description and serial number is besides the point! You don't need smartwater to figure out where a recovered firearm has been stolen from!