Read The Times Australia

Daily Bulletin

How can we stay safe after data breaches? Step 1 is to change the cybersecurity laws

  • Written by: Adam Andreotta, Lecturer, School of Management and Marketing, Curtin University
How can we stay safe after data breaches? Step 1 is to change the cybersecurity laws

Last week, Australian airline Qantas announced cyber attackers had accessed personal data about some of its customers. The company later confirmed that 5.7 million customer records were involved.

The attackers targeted an offshore IT call centre, which enabled them to gain access to a third-party system.

The airline contacted affected customers shortly after the announcement, and sent a follow-up email a week later. The email apologised to customers and informed them attackers had accessed information about customers’ names as well as frequent flyer numbers and tier status.

The email may have felt familiar to Australians impacted by the 2022 Optus Breach or the 2024 Medisecure Hack — a routine apology, an assurance that immediate steps have been taken, and a statement that the company takes seriously the trust placed in it to safeguard personal information.

It’s an adequate response. But it ignores something that might genuinely make customer data safer in the future: stronger cybersecurity laws to prevent these kinds of breaches from happening in the first place.

How should we respond to data breaches?

If your data were involved in the Qantas breach, you might be wondering what to do about it.

The first sensible step might be to find out what personal information was compromised. Next, you might research the potential harm that could come from your name, Qantas Frequent Flyer number, and tier status being accessed.

You may learn about the risks of identity theft, account hijacking, and scams.

After that, you might want to figure out what actions you could take to protect yourself – that is, how to best secure your data. Plenty of websites offer advice along these lines.

If you are a Qantas customer, and received the follow-up email, you may have noticed a section titled “What steps can I take to protect myself?”. This part encourages users to stay alert, use two-factor authentication, stay informed about the latest threats, visit IDCARE’s Learning Centre, and never share passwords or sensitive information (stating that Qantas will never ask for them).

While these are helpful suggestions, they place a significant burden on the customer. They also imply that if our data becomes compromised, we may be partially to blame for not doing more to protect ourselves.

Is this fair or useful? Rather than just trying to protect ourselves after data breaches, we might be better off focusing our attention on why breaches occur and the legislators who make the rules for the companies that hold our data.

Does the law have an unhealthy obsession with data breaches?

It may seem that, to improve cybersecurity laws, we need to pay more attention to Qantas-like data breaches and impose bigger fines on companies when they occur. However, this is not necessarily the best solution.

As US privacy scholars Daniel Solove and Woodrow Hartzog point out in their 2022 book Breached!: “Data privacy law has an obsession with data breaches.”

Ironically, the authors claim, “this obsession has […] been the primary reason why the law has failed to stop the deluge of data breaches. The more obsessed with breaches the law has become, the more the law has failed to deal with them.”

Solove and Hartzog argue that focusing solely on the breaches themselves prevents us from concentrating on prevention.

How effective is Australian cyber security law?

In Australia, recent reforms to the Cyber Security Act 2024 introduced the Cyber Incident Review Board, which can:

make recommendations to government and industry about actions that could be taken to prevent, detect, respond to or minimise the impact of, cyber security incidents of a similar nature in the future.

These reforms are an important step in addressing prevention, and the Cyber Incident Review Board will undoubtedly draw many lessons from the Qantas case when it performs its post-incident review – such as identifying potential weaknesses at the offshore IT call centre.

However, we shouldn’t have to wait until an incident occurs to start thinking about how to protect against breaches. There are also concerns about whether the recommendations it offers will be put into law.

Ideally, we need legislation that focuses on prevention, not just post-incident responses. If we had laws that required companies to conduct audits, provide legally binding safety checks applicable to all relevant stakeholders, and impose penalties for non-compliance with these standards, it would genuinely improve prevention.

Revising our flight path

Our response to the Qantas breach will no doubt follow a familiar pattern: first, we panic! Then we get angry at the company. Next, we attempt to follow privacy advice – at least for a short while – changing a password or two before becoming complacent and then lowering our privacy vigilance. And then the cycle repeats the next time a breach occurs.

We don’t need to accept this eternal pattern, however. If we focus our attention on lawmakers, rather than these immediate responses we are all too familiar with, prevention becomes a possibility.

Authors: Adam Andreotta, Lecturer, School of Management and Marketing, Curtin University

Read more https://theconversation.com/how-can-we-stay-safe-after-data-breaches-step-1-is-to-change-the-cybersecurity-laws-260816

Business News

Australian organisations are relying on business continuity plans built for a far more predictable world

Tariff escalations, supply chain fragility, geopolitical events, and the ongoing threat of cyber disruption have reshaped the risk environment facing Australian organisations. The problem is that ma...

Daily Bulletin - avatar Daily Bulletin

How to Rent a Car for Uber in Melbourne: What Every New Driver Needs to Know

Starting out as an Uber driver in Melbourne is not as complicated as it sounds but getting the vehicle right is where most new drivers get stuck. Uber has strict requirements around vehicle age, condi...

Daily Bulletin - avatar Daily Bulletin

When Should You Speak to a Lawyer About a Legal Issue?

Legal issues can begin with a simple question, then become harder to manage once formal steps are involved. Many people wait until a matter feels urgent before seeking guidance, even though earlier ...

Daily Bulletin - avatar Daily Bulletin

The strategic rise of Bali as Australia’s next essential healthcare support hub

As Australian healthcare providers grapple with unprecedented operational bottlenecks, a new nearshore model is quietly transforming patient care delivery. Forward-thinking organisations,  including...

Daily Bulletin - avatar Daily Bulletin

Cost Savings and Benefits of Using Used Pallets in Logistics

In today’s competitive logistics and supply chain industry, businesses are constantly looking for ways to reduce operational costs without compromising efficiency and reliability. One of the most prac...

Daily Bulletin - avatar Daily Bulletin

How Fulfilment Services in Australia Help Businesses Scale Efficiently

The growth of e-commerce and modern retail has transformed customer expectations. Consumers now expect fast shipping, accurate order processing, and seamless delivery experiences regardless of where...

Daily Bulletin - avatar Daily Bulletin

Practical Ways Australian Workplaces Can Reduce Operating Costs

Reducing business costs doesn’t always mean cutting staff, shrinking services or making the workplace feel bare-bones. In many cases, the smarter savings are hiding in everyday operations: the light...

Daily Bulletin - avatar Daily Bulletin

Executive Recruitment Solutions That Help Organisations Secure Exceptional Leaders

Leadership has a direct impact on organisational performance, employee engagement, strategic growth, and long-term success. Businesses operating in increasingly competitive environments require experi...

Daily Bulletin - avatar Daily Bulletin

Why A WooCommerce Website Designer Matters For Online Growth

Running an online store today requires more than simply listing products and waiting for customers to arrive. Businesses need a website that is fast, reliable, easy to navigate, and designed to suppor...

Daily Bulletin - avatar Daily Bulletin

The Daily Magazine

The Hidden Engineering Problem Inside Australia's Older Housing Stock

A significant share of Australian homes were built for a way of living that no longer exists. Houses...

DIY Rodent Control Vs Professional Help: When Is It Time To Call The Experts?

Rodents are one of the most frustrating pest problems for Australian property owners. Rats and mic...

Lighting Shop in Perth: How The Right Lighting Can Transform Your Home And Business

The right lighting can completely change the look, feel, and functionality of any space. Whether it ...

Traffic Light System Solutions For Safer And More Efficient Traffic Management

Modern cities and growing communities rely heavily on effective traffic management to ensure safety...

Gold Migration Lawyers in Liquidation: How the Closure Affects Your ART Appeal

If your appeal was with Gold Migration Lawyers, a recent change to how the Tribunal decides cases ...

The pressure cooker: life in urban Australia in 2026

Australian cities have always been demanding. Long commutes, rising housing costs, busy schedules a...

What Actually Makes a Good Criminal Lawyer in Melbourne

Most people only think about this question once. That is usually too late. Most people charged wi...

Why Working With A Chatswood Tutor Can Improve Academic Performance

Academic expectations continue increasing for students across primary school, high school, and senio...

Is It Worth Getting Solar Panels in Melbourne?

The real question is not whether solar works in Melbourne. It works. The question is what it is co...