Mogull said 40 states in the US now have disclosure laws providing customers with a level playing field to make informed decisions.
"The IT security landscape here today has been reduced to a choice of garbage, trash or junk but bad publicity about breaches can change that, it can force change," he said.
"Australia isn't any safer than the US when it comes to data protection I know breaches are occurring as I work with the financial services sector here and know what security programs the banks have in place.
"In fact I think it is a much harsher environment here, especially when it comes to phishing and Australia's proximity to Asian economies; it is just hidden more from consumers.
"There are no market forces pushing organizations to do better."
Mogull said disclosure laws are a good starting point to improve the IT security landscape because it would enable the collection of valuable data and to understand how breaches occur.
"With good stats we can make good decisions," he added.
While Mogull believes the laws should include penalties, he said there should also be a built-in mechanism that allows consumers to take legal action themselves.
He admits organizations may need to increase budgets to be compliant.
"If an organization is currently spending five percent of their budget on security they may have to bump that up to seven percent; but this usually involves a shifting of funds rather than new money," Mogull said.
The Australian Bankers Association (ABA) CEO, David Bell, told Computerworld banks already have a legal duty to protect customer data under a number of laws without the introduction of data disclosure legislation.
Bell said confidentiality and privacy is at the core of customer relationships.
He went on to say it would be premature to comment on the introduction of data disclosure laws before the ALRC's final report is handed down next year.
"But we are certainly awaiting the outcome of the report as the ABA has made a submission to the ALRC on the privacy review," Bell said.