The Australian federal police has revealed it accessed the metadata of journalists 58 times in the 2017-18 financial year.

The admission came in a submission to the parliamentary joint committee on intelligence and security’s review of the mandatory data retention law, which has been in place since 2015.

Under the legislation, call records, IP addresses and other so-called metadata is held by telecommunications companies for two years. Agencies including the AFP don’t need a warrant to access the vast bulk of the metadata collected for investigations but, if seeking the metadata of a journalist, they must get a journalist information warrant signed off by an issuing authority appointed by the government.

Labor calls for explanation after AFP obtains ABC journalist's private Qantas travel records Read more

The AFP told the committee that in the 2017-18 financial year, it had obtained two journalist information warrants that led to journalists’ metadata being accessed 58 times.

In total, the AFP said, it had accessed metadata close to 20,000 times in the same financial year.

The information on the number of times metadata is accessed by government agencies is supposed to be released in total in an annual report on the operation of the Telecommunications (Interception and Access) Act, but it has been close to two years since the release of the last report, covering the 2016-17 financial year.

The same committee is now examining the impact of the use of national security laws such as the mandatory data retention legislation on freedom of the press in the wake of the AFP raids on the ABC and the home of the News Corp journalist Annika Smethurst over leaks related to national security and defence matters.

A cybersecurity researcher told the committee, which is also reviewing anti-encryption legislation, that the effect of the new law could even allow law enforcement to bypass the journalist information warrant scheme to hunt a journalist’s sources.

• Sign up to receive the top stories from Guardian Australia every morning

The Western Australian police force, on the other hand, has revealed it had difficulty obtaining a journalist information warrant owing to a public interest advocate not being based in the state. The PIA is appointed by the government to argue the case for the journalist whose metadata could be accessed.

The journalist is never informed that their metadata could be accessed.

The WA police, which obtained journalist information warrants in 2017, told the committee that it needed to go to South Australia to find a PIA and this had resulted in costs and delays for the investigation.

WA police acting commissioner, Col Blanch, also complained that advances in technology such as encryption and the pending arrival of 5G made it more difficult for law enforcement to obtain metadata because call records and other such information was not being recorded as people move away from traditional calling and texting.

He said Visitor Location Register – a database of the locations of mobile subscribers – was not within the scope of the act, and therefore Telstra does not hand it over. Blanch called for the legislation to be expanded to cover VLR data.

“VLR data is now a more reliable way to further investigations as it does not rely on call or text messages being made to record data,” he said.