ACT Policing has revealed its officers attempted to access stored metadata without authorisation more than 3,000 times, due to issues dating back to 2015.

Key points: While re-examining the initial 116 unauthorised accesses, police uncover a further 3,249 requests

While re-examining the initial 116 unauthorised accesses, police uncover a further 3,249 requests In one instance illegally accessed metadata may have helped result in a prosecution

In one instance illegally accessed metadata may have helped result in a prosecution Police say changes have been made in order to minimise risk of the breaches reoccurring

Earlier this week it emerged that the Commonwealth Ombudsman had reported on 116 instances from 2015 in which ACT police officers accessed metadata without the authorisation to do so, because the person signing off on the access did not have the authorisation to do so.

But while re-examining the 116 authorisations, police uncovered a further 3,249 instances where data requests had been made, which were subject to the same authorisation problem.

Police said some of the data requested included identifying the holder of a telephone number in order to enforce the law, and to help with finding a missing person.

None of the requests were focused on uncovering a journalist's sources.

While the number of requests made was well over 3,000, it was not clear whether each request actually resulted in metadata being retrieved.

"It is important to note that while the delegation was not in place, all authorisations and requests were managed in accordance with the relevant policies and procedures, including security, storage and disclosure," a police statement said.

"Once the issue was discovered, ACT Policing notified the Ombudsman's office to seek advice on how to remedy this administrative oversight."

Illegally accessed metadata could have led to prosecution

Police said of the thousands of requests, 240 generated information that was "of value" in progressing ongoing investigations and inquiries.

It said in one instance information obtained without authorisation may have helped result in a prosecution.

ACT Policing is seeking legal advice with regards to that matter, and a missing persons case in which data was used.

"Noting one investigation may require multiple telecommunications data requests, the 240 telecommunications data results were referred to individual case officers to conduct further examination and confirm its use and dissemination," police said.

"During this process, steps were taken to commence quarantining the relevant material."

The Commonwealth Ombudsman's report noted that it was the Australian Federal Police Commissioner's responsibility to delegate powers to senior officers to allow them to authorise requests for metadata.

But in March 2015 the AFP inadvertently failed to assign a delegate to ACT Policing, resulting in an unauthorised person managing the requests.

"The ACT Policing position holder, who previously held the appropriate delegation, had continued issuing authorities in good faith unaware that the delegation had been omitted," the police statement said.

Police said changes had since been made to processes in order to minimise risk of the breaches reoccurring.