If, for example, I buy something from a New Zealand (i.e local) website, I know what the rules are. If I buy from Amazon, I know the rules are probably the US ones, which are well known to be broadly similar to NZ. On the other hand, if I make some online travel arrangements through, say, a Peruvian website – well, what are their rules? Do they have an equivalent to our Privacy Act?

Not to mention, what can I do about it if a foreign site breaches their own rules? A local site, I can lay a complaint with the appropriate regulatory organisations. If Amazon misplaces a disk containing an unencrypted copy of their customer database, what can I do about it? Not much, I’m thinking…