"Constant news headlines tell us how vulnerable our personal information is and as consumers we don't even know where or how it is stored," he said.
"However, many incidents are either unreported or reported at a much later date. A carrot and stick approach is required to get organisations to hold data with adequate security."
Dell Australia did the right thing by informing customers and the Privacy Commissioner but there was nothing to compel it to, he said.
Mr Phair questioned whether it was only names and email addresses that were stolen.
"How do they know that? Surely other customer information is collected and stored [for marketing and other purposes] by Dell," he said.
In addition to email marketing, it has been revealed that Epsilon collects all sorts of other data about customers on behalf of clients including social networking posts, providing them access to details such as age, profession, address, political persuasions, etc.
Mr Ducklin warned that the information seized would give scammers all the ammunition they needed to conduct highly targeted and believable "spear phishing" attacks. Security expert Brian Krebs has published tips on how affected people can avoid falling victim to such attacks.
A full list of the companies affected can be found at the website databreaches.net.
Rob McAdam, CEO of security firm Pure Hacking, was not as alarmed about the data breach incident as the other security professionals, saying that on a scale out of 10 this issue rated around a 3 in importance. He said it was mainly an issue of reputational damage for both Epsilon and Dell.
"In the United States disclosure of unauthorised security breaches is mandatory and this is why we are hearing about this case," he said.
"In Australia, the same level of disclosure is not currently mandatory and there are many similar cases that are not only not reported, but not disclosed to the same extent. This case of unauthorised entry is not unusual, and we believe is a continuing trend for 2011."
The Privacy Commissioner said that the recent report on privacy laws compiled by the Australian Law Reform Commission recommended that new data breach notification requirements be implemented, which would force companies to own up to privacy breaches such as this. However, the Federal Government has yet to say whether it will take this recommendation on board.
Sign up for Computerworld eNewsletters.