Police have again been caught unlawfully harvesting private banking information in the search for the hacker behind the Dirty Politics book.
This time it is activist and journalist Martyn Bradbury who has been drawn into the police investigation.
And this time police inquiries are said to have had an awful impact, leading to two suicidal episodes.
Bradbury's is the latest case of police unlawfully exploiting the Privacy Act to get personal banking information without getting a court order.
It follows the revelation that Dirty Politics author Nicky Hager also had his banking records handed over to police without any legal compulsion to do so.
The practice has been ruled unlawful after Bradbury - who runs The Daily Blog website - complained to the Privacy Commissioner.
Bradbury told the NZ Herald he uncovered the police probe after being rejected for credit by his bank.
He said he became suspicious because the "extensions of credit weren't extravagant and the manner in which the declines occurred just seemed odd".
When Bradbury sought information through the Privacy Act, he discovered that detectives working on the Rawshark case had made a request for his records saying they were investigating "computer fraud".
Detectives did so quoting a section of the Privacy Act allowing those holding data to ignore people's privacy if there are "reasonable grounds" to believe it would help "maintenance of the law".
The ruling from Privacy Commissioner John Edwards found police gave Bradbury's bank no information to make an assessment of whether the request was "reasonable".
Edwards rejected police submissions that the request only lacked supporting information for the bank to make a proper decision.
Even if police had provided the information, Edwards said detectives "were not justified" in asking for the banking records without a legal order from a judge.
"It is our view the request for your banking records, given their sensitivity, ought to have been placed before a judicial officer for decision on whether it met the grounds for a production order."
He said the "nature and the scope of the request was unfair and unreasonably intrusive".
The request for information was "unlawful" because it was constituted a "search" and the Bill of Rights stated "everyone has the right to be secure against unreasonable search".
Bradbury, who insisted he has no connection to or knowledge of the hacking of Slater's computers, said: "They should have taken it to a judge and got a warrant."
Instead, they sought "everything they could get their hands on".
Bradbury will not name his bank as he intends taking further action.
But he said the bank's refusal to give credit seemed contrary to staff assurances. His suspicions panned out when the Privacy Act request to police showed his banking records had been sought.
He found police had labelled the request for his banking records as connected to "computer fraud" and his credit requests - just a few months later - were being handled by the bank's internal fraud department.
Bradbury said the credit requests were to help keep The Daily Blog going and getting knocked back triggered a huge depressive episode.
He said he had lived with depression since suffering a brain injury aged 18 from a car accident.
"Over the last five years that depression has become very difficult to manage and the financial stress of not extending credit all combined in late 2016 in two suicidal episodes.
"When your little black dog morphs and mutates into a huge black bear, you're looking for anything that will ease the anguish and pain."
Felix Geiringer, the barrister who acted for Hager overturning the police search warrant, said it was hard to understand any "credible basis" for including Bradbury in the Rawshark inquiry.
He said police appeared to have sought Bradbury's records to try and establish the hacker was paid to carry out the hack. "There's no evidence that took place in this case. There's none."
Geiringer said Bradbury - like Hager - was a journalist which conveyed specific protections around searches.
It was the same issue which the High Court rapped police in the Hager case, he said.
The NZ Herald has previously shown how police have used the Privacy Act exploit to gain banking details of potentially thousands of people without any court or judicial order - and that at least one bank has used it to red-flag customers.
The practice was widespread when the NZ Herald exposed it in 2013 and saw police headquarters offer assurances that it would not be used to access detailed banking records.
Yet police continued to use the exploit, not only in the Rawshark investigation against Nicky Hager, but in cases identified across the country.
Police told the Herald that the Rawshark inquiry remained an "open" file although no officers are currently assigned to the investigation.
A spokesman for police said the request for bank records was in line with a "Letter of Agreement" between police and the NZ Bankers' Association.
"Police note that the Office of the Privacy Commissioner agreed that Police had a lawful purpose for collecting the information but that based on the level of sensitivity of the information, a court order was the only method that should have been used to request this."
The spokesman said police wanted to speak with the Office of the Privacy Commissioner "regarding its view on requesting information".
The NZ Bankers' Association did not answer questions about the practice, even though it has acknowledged previously its members have an obligation to protect members' information.
Among the questions it did not answer was whether the banking community had ever checked to see how many customers of banks have had their information provided unlawfully to police.
In a statement, NZBA chief executive Karen Scott-Howman said: "Banks assess all information requests on a case by case basis.
"They only provide information to the Police when they receive a production order that legally requires them to provide information or when the request complies with the Privacy Act."