Police got personal banking details of Kim Dotcom and his staff without getting a search warrant in a move that has implications for bank customers.
Banks, including the ANZ, BNZ and Westpac, turned the information over after deciding there was no Privacy Act reason not to.
The police request referred the banks to a Privacy Act principle which allowed them to release information to "avoid prejudice to the maintenance of the law by any public sector agency including the prevention, detection, investigation, prosecution, and punishment of offences".
The mechanism led to banks releasing - without a legal warrant - the name of the account holder, the account number and home address.
The information was sought in October last year by Ofcanz - the same policing unit heavily criticised this week for its tactics during an investigation of the Red Devils gang. Police headquarters will not comment directly on either case.
The banking industry last night said customer privacy was taken "very seriously" but offered no information about the level of proof needed to turn information over to government agencies.
The Dotcom extradition court file at the North Shore District Court shows Ofcanz Detective Sergeant Nigel McMorran got information on Dotcom and Megaupload staff through the police Financial Intelligence Unit (FIU).
The request to banks for information on October 10 last year came after the FBI accessed email accounts through US-based search warrants.
At that stage, police assistance to the FBI was limited to basic co-operation. The formal request for assistance, which elevates the case's seriousness and powers police can use, was made on November 28.
Mr McMorran said the FBI passed on information and asked the police to find out more about account numbers and staff identified in emails.
An analyst at the FIU emailed a string of banks on October 10 and received information back the same day from the BNZ showing names of account holders, account numbers and home address details. The other banks replied the next day.
Other documents filed with the North Shore District Court show a later request by the same analyst.
The request matched those which bank staff say they got in October in which police referred to money laundering and asked for personal details to be released to assist the "maintenance of the law".
The email in the later case offered no additional information to support the police claim and there is no record showing the banks asked for any.
Dotcom was charged with money-laundering when arrested - the only charge he faces on which he can be extradited. Criminal copyright violation charges are not serious enough for extradition. If they are dismissed, then the money laundering charge also collapses.
Assistant Privacy Commissioner Katrine Evans said it was up to agencies asked for information to form a "reasonable belief".
"They need to make their own judgment calls but simply because the request comes from the police isn't necessarily enough."
She said police needed to specify a reason - and general descriptions of "money laundering" could be enough.
Lawyer Steve Rollo, who represented the Red Devils, said a wider inquiry was needed into police practices. He said information was frequently withheld by police in court cases, leaving a veil of "secrecy" which could mask skulduggery.
Assistant Commissioner Mike Bush said yesterday police were reviewing all aspects of handling organised crime under a new strategy called "Prevention First".