Only police officers with a search warrant should be able to get hold of Parliamentary swipe card access data, a committee looking into the release of reporter Andrea Vance's records has been told.

Act leader John Banks made the suggestion at a parliamentary privileges committee looking into the release of Vance's phone, email and swipe card records.

The records were released by Parliamentary Service to an inquiry, led by former top public servant David Henry, which was set up to look into the leak of a report on the GCSB spy agency.

The privileges committee today heard from David Stevenson - the acting head of Parliamentary Service since the departure of former general manager Geoff Thorn, who stepped down amid controversy over the release of the records.


Committee member Mr Banks suggested to him that only police officers with a warrant from the High Court should be able gather information from Parliamentary Service while pursuing a criminal inquiry.

"As opposed to what we have - an unqualified public servant who made a botch of it, sneaking around this place, getting information illegally."

Mr Stevenson said he would seek guidance form the committee on the matter, but said there were two circumstances under which records could be released - if they were lawfully requested, or if the release was authorised by the person to whom the records belonged.

Mr Stevenson said he would like clear protocols going forward.

"Because we're very clear that this is an isolated incident which occurred. This is not the way the Parliamentary Service operates normally - we work very formally, we take those requests very seriously."

Privileges committee chair Chris Finlayson asked whether the principles governing access to recorded images - which allows for their retrieval for safety and security purposes only - should also apply to access cards.

Mr Stevenson said Parliamentary Service's policy statement lacked detail around the access cards.

"But from a practice perspective, we're very clear that access records should only released if they are lawfully requested or the individual's authorisation has been provided."


Mr Stevenson said there had been five occasions since 2008 when access card data had been released - two where individuals requested access card records, one criminal investigation, and the two recent releases of the records of Vance and MP Peter Dunne.

He said he had contracted KPMG do conduct an independent review of the timeline around the events, and to clearly detail how the unauthorised access of the phone records and emails occurred.

The second part of the KPMG review was to look at the adequacy of Parliamentary Services' processes and procedures.

"And I think that that's clearly something that we as Parliamentary Service will need to focus on in coming months, when we've got the recommendations form KPMG, to ensure that this isolated - and I must stress isolated - incident doesn't occur again."