Improving OIA enforcement

Yesterday The Post had a long exit interview with outgoing Ombudsman Peter Boshier, in which he complains about delinquent agencies which "haven't changed and haven't taken our moral authority on board". He talks about the limits of the Ombudsman's power of persuasion - its only power - and the need for more coercive tools, such as holding chief executives personally liable for failures as they are under health and safety legislation.

That's certainly one option. Here's another: introduce a compliance notice regime for the OIA.

We already have this tool in the Privacy Act, and it allows the Privacy Commissioner to issue a notice to an agency which has broken the law, requiring them to remedy the breach and/or prevent any repeat. And if they don't, the Commissioner can go to court and get a court order forcing them to obey, which then in turn opens up the usual penalties for civil contempt.

Unlike CEO liability, this is directly focused on specific breaches, and forces agencies to actually fix them and obey the law. It would mean that shit like this wouldn't happen. Which is the outcome we want, right?

Again, this would make a useful member's bill, and the relevant provisions can be cribbed from existing law.