"As opposed to what we have - an unqualified public servant who made a botch of it, sneaking around this place, getting information illegally."
Mr Stevenson said he would seek guidance form the committee on the matter, but said there were two circumstances under which records could be released - if they were lawfully requested, or if the release was authorised by the person to whom the records belonged.
Mr Stevenson said he would like clear protocols going forward.
"Because we're very clear that this is an isolated incident which occurred. This is not the way the Parliamentary Service operates normally - we work very formally, we take those requests very seriously."
Privileges committee chair Chris Finlayson asked whether the principles governing access to recorded images - which allows for their retrieval for safety and security purposes only - should also apply to access cards.
Mr Stevenson said Parliamentary Service's policy statement lacked detail around the access cards.
"But from a practice perspective, we're very clear that access records should only released if they are lawfully requested or the individual's authorisation has been provided."
Mr Stevenson said there had been five occasions since 2008 when access card data had been released - two where individuals requested access card records, one criminal investigation, and the two recent releases of the records of Vance and MP Peter Dunne.
He said he had contracted KPMG do conduct an independent review of the timeline around the events, and to clearly detail how the unauthorised access of the phone records and emails occurred.
The second part of the KPMG review was to look at the adequacy of Parliamentary Services' processes and procedures.
"And I think that that's clearly something that we as Parliamentary Service will need to focus on in coming months, when we've got the recommendations form KPMG, to ensure that this isolated - and I must stress isolated - incident doesn't occur again."