Pressure is mounting on police over its access to a powerful, privately-owned surveillance network with the Privacy Commissioner now seeking answers.

Commissioner Michael Webster has told police that he wants information about how it audits and monitors access to the systems which link thousands of CCTV cameras.

In doing so, Webster has linked the Herald's report on the police faking a stolen car alert to game access to the surveillance network with its recent inquiry which exposed weak privacy processes.

It comes as police headquarters has said it was considering an audit of how police use the Auror and Safer Cities networks of thousands of cameras in petrol stations, shopping malls, supermarkets and other areas which see large public traffic across privately-owned spaces.

The Herald revealed this week that detectives accessed the network when searching for vehicles connected to the three women who sparked the Northland lockdown in October and did so by falsely reporting at least one car as stolen.

Police headquarters confirmed doing so engaged the networks' Automatic Number Plate Recognition software. Once detectives got alerts on a sought-after vehicle, they removed the "stolen" designation from the system.

A spokesman for the Privacy Commissioner said number plate information was considered personal information when it was used to identify an individual and was covered by the Privacy Act, the Search and Surveillance Act and other legislation.

The spokesman described the Herald report as showing police "misled" the company holding the information "by stating that the information was required for a purpose that is different to the purpose for which it was ultimately sought".

"Should this be the case, this collection may have bypassed the privacy protections that (the holder of the information) and police agreed to in allowing police to access the ANPR database at the time."

The spokesman pointed to its recent inquiry which found the routine police practice of fingerprinting young people and taking and keeping photographs of young people and adults when it was not lawful to do so.

• Police faked car crimes in hunt for women who sparked Covid lockdown
• Police moot audit of CCTV network accessed by fake crime scam

That report said police needed to overhaul privacy practices because of a "general lack of awareness amongst police of their obligations under the Privacy Act".

In relation to the fake stolen car alert, the commissioner's spokesman said it "has raised questions in our minds regarding the robustness of police review and audit processes and practice with respect to appropriate use of ANPR platforms".

The spokesman said those questions related to systems owned by police and those police accessed through third-parties such as Auror and Safer Cities.

The commissioner noted that police had only just updated its policies about automatic number plate recognition systems.

"We have asked Police to confirm to what extent the new policy has been implemented, particularly monitoring and audit of access and use and the provision of training to staff."

The commissioner said it also sought an assurance from police on the "robustness" of its access to ANPR systems, training of those who used the systems and its monitoring and auditing practices.

Police headquarters said around 6000 staff had the ability to access ANPR systems and carried out around 327,000 checks each year. Police and councils operate a fraction of the thousands of ANPR-capable cameras in the country.

Police Minister Chris Hipkins has said he wants assurances from police that those with access to the systems understand the rules associated with doing so.

A spokeswoman for Auror also said the company would be checking with police whether its system was being used properly.

The case emerged through Herald inquiries into the October lockdown of Northland after three women were said to have used false information to get travel permits across the Covid-19 border with Auckland in October.

When one of those women tested positive for Covid-19 in Whangarei then disappeared, the whole region was put into lockdown over concerns that they might be spreading the virus.

It emerged the women did not use false information but that the travel documents were approved in error by a staff member at the Ministry of Social Development. It was also found the women were not prostitutes or linked to gangs, as had been suggested at the time, but were pursuing business opportunities in the North.

Police could have accessed the privately owned systems using emergency powers because of a "serious risk to public health existed". Doing so would have had the same outcome although - it appeared - with more paperwork involved.