ACT Policing has identified compliance issues dating back 13 years in how it requests mobile device location data as part of its investigations.
The compliance issues relate to record-keeping, authorisations and reporting of requests made for mobile device location information, dating back to 2007.
An independent audit will be carried out by PwC, and the Commonwealth Ombudsman will also investigate after ACT-Policing self-reported to the watchdog.
ACT police said issues were identified relating to record keeping, authorisations and reporting of requests made to telecommunication carriers going as far back as 2007.
The requests were made by police to identify mobile phone location data as part of investigations into serious crimes such as murder, kidnapping, drug trafficking, terrorism or firearms offences.
The compliance issues being investigated are not whether the location data was used improperly, but the administration around such requests.
ACT Policing is still confirming how many compliance issues there have been, and that will form part of the independent audit.
A spokeswoman wouldn't confirm if any convictions had been endangered by the compliance issues.
Commonwealth Ombudsman Michael Manthorpe welcomed the disclosure from ACT Policing, but said the breaches were concerning.
"The issue is of serious concern, given the covert and intrusive nature of these powers and the duration and potential scale of the non-compliance that has been identified," Mr Manthorpe said.
"The Ombudsman has made suggestions to the AFP about the scope of the audit, in particular to ensure that it comprehensively examines the extent to which specific legislative provisions in force at the relevant times were breached, and their implications."
READ MORE:
-
ACT police illegally accessed metadata 3365 times
- 'Local council government': Dutton, Barr trade barbs over ACT cops metadata bungles
- Commonwealth Ombudsman Michael Manthorpe says metadata laws need work
- Innocent bystanders are increasingly being impacted Australia's national security laws
An ACT police spokesman said the requests made to carriers were to find the general location of a mobile device and not to provide metadata or private messages.
"Location requests can only be made for investigation into serious offences punishable by imprisonment for at least three years," the spokesman said.
"Offences that meet these definitions include murder, kidnapping, drug trafficking, terrorism, aggravated robbery and firearms offences."
The compliance issues were self-reported by ACT police to the Commonwealth Ombudsman on January 24.
The audit into the compliance issues will be carried out by PwC Australia, which is expected to be completed by June.
"The Australian Federal Police has identified and taken corrective action to ensure legislative compliance, including appropriate recording, authorisation and future reporting," the police spokesman said.
"The AFP has worked with the Commonwealth Ombudsman's Office to establish this agreed method of assurance through audit and inspection by PwC Australia."
Today's announcement comes after it was revealed last year that ACT Policing had accessed telecommunication metadata more than 3000 times in 2015, also due to issues with authorisation.
A spokeswoman for Police Minister Mick Gentleman said the minister would be meeting with Mr Manthorpe to discuss the non-compliance issue.
"The Minister will be working with AFP to ensure steps are taken to address this, acknowledging that this issue was self-referred and publicised by them," the spokeswoman said.
