Over the weekend, we learned something important: the Labour Party has unforgivably bad IT security. This is already being used to embarrass them, and there's the promise of more on the way - specifically information on their online donors.
Over at The Standard they're crying foul and "theft!" - exactly the opposite of their position on the Don Brash emails - but nothing of the sort seems to have occurred. Instead, Labour seems to have just left stuff lying around on the web for anyone to look at. The only breaches of law and ethics here are on the Labour Party's side; their donors and members have privacy and information security rights, which Labour has violated. If people give you information, you have a duty of care over it, and this is enshrined in law through Principle 5 of the Privacy Act. And anyone whose information was treated so carelessly has recourse to the Privacy Commissioner.
(There is apparently evidence that National accessed the data first, before turning it over to one of their pet bloggers to publicise while keeping their hands clean. Good tactics, but it only works if its secret. And none of that excuses Labour's unforgivable slackness and incompetence).
As for the leakee, what they should do depends on what they have discovered. There are obvious ethical questions about whether to publish the information. While there is a strong public interest in identifying large donors or dubious behaviour so as to hold the party and the powerful to account, there is no public interest in identifying ordinary citizens giving small amounts of money. Given the identity of the leakee, I expect those questions to be completely ignored.