New Zealanders' personal information - from passport information to credit card details - is being stored and processed in overseas databases, alarming the Privacy Commissioner.
Marie Shroff warns that New Zealand privacy laws do not apply beyond our shores.
"It raises real questions over whether we have protection,"
she told the Weekend Herald. "It's not something that one wants to get unduly panicked about, but we need to advance cautiously."
In an address to the Government Information System Managers' Forum last week, she said the amount of data-matching across public sector agencies had experienced "phenomenal growth".
"And yet I suspect few New Zealanders are aware of that escalation.
"Apart from the simple increase in matching work, there are matches which involved data being sent offshore. And businesses carry out data matches too, [although] the size and scale of private sector matching is unknown because there is no monitoring."
She outlined several public and private sector examples of cross-border dataflow, including:
* New Zealand passport data in Sydney - "I was more than a little surprised when I found out the entire database of New Zealand passport information is also held by another country."
* Most banks in New Zealand are Australian-owned, making it likely information is held in Australia
* Credit reporting company Veda Advantage has developed plans to store financial information on databases in Australia.
* Airline passenger information is transmitted to Atlanta, where the US Department of Homeland Security accesses it for security purposes.
Data-matching was global in an age where everyone is an "electronic citizen".
Ms Shroff said that while citizens could address Government misuse of information through the Privacy Commission, the private sector was outside these bounds unless the company in question had a base in New Zealand.
