The audit move comes after mounting pressure on police over accessing the privately-owned surveillance network through an exploit that involved falsely reporting a car stolen.
Privacy Commissioner Michael Webster told the Herald he had asked police for information about how it audits and monitors access to the systems which link thousands of CCTV cameras.
In doing so, Webster has linked the Herald's report on the police faking a stolen car alert to game access to the surveillance network with its recent inquiry which exposed weak privacy processes.
It comes as police headquarters reviews it training for the use of the Auror and Safer Cities networks of thousands of cameras in petrol stations, shopping malls, supermarkets and other areas which see large public traffic across privately-owned spaces.
A spokesman for the Privacy Commissioner said number plate information was considered personal information when it was used to identify an individual and was covered by the Privacy Act, the Search and Surveillance Act and other legislation.
The spokesman described the Herald report as showing police "misled" the company holding the information "by stating that the information was required for a purpose that is different to the purpose for which it was ultimately sought".
"Should this be the case, this collection may have bypassed the privacy protections that (the holder of the information) and police agreed to in allowing police to access the ANPR database at the time."
The spokesman pointed to its recent inquiry which found the routine police practice of fingerprinting young people and taking and keeping photographs of young people and adults when it was not lawful to do so.
That report said police needed to overhaul privacy practices because of a "general lack of awareness amongst police of their obligations under the Privacy Act".
In relation to the fake stolen car alert, the commissioner's spokesman said it "has raised questions in our minds regarding the robustness of police review and audit processes and practice with respect to appropriate use of ANPR platforms".
The spokesman said those questions related to systems owned by police and those police accessed through third-parties such as Auror and Safer Cities.
The commissioner noted that police had only just updated its policies about automatic number plate recognition systems.
"We have asked Police to confirm to what extent the new policy has been implemented, particularly monitoring and audit of access and use and the provision of training to staff."
The commissioner said it also sought an assurance from police on the "robustness" of its access to ANPR systems, training of those who used the systems and its monitoring and auditing practices.
Police headquarters said around 6000 staff had the ability to access ANPR systems and carried out around 327,000 checks each year. Police and councils operate a fraction of the thousands of ANPR-capable cameras in the country.
Hipkins has said he wants assurances from police that those with access to the systems understand the rules associated with doing so.
A spokeswoman for Auror also said the company would be checking with police whether its system was being used properly.
The case emerged through Herald inquiries into the October lockdown of Northland after three women were said to have used false information to get travel permits across the Covid-19 border with Auckland in October.
When one of those women tested positive for Covid-19 in Whangarei then disappeared, the whole region was put into lockdown over concerns that they might be spreading the virus.
It emerged the women did not use false information but that the travel documents were approved in error by a staff member at the Ministry of Social Development. It was also found the women were not prostitutes or linked to gangs, as had been suggested at the time, but were pursuing business opportunities in the North.
