Qantas ought to be in the firing line and facing a heavy fine for letting the personal information of six million customers fall into the hands of criminals.

We’re lucky in this case that it was largely superficial stuff such as names, email addresses, phone numbers, birthdates and Frequent Flyer numbers that were stolen – but imagine if all that could be linked to far more valuable information.

Qantas would have records of people’s credit card numbers, for instance.

Through its Frequent Flyer program, it would have records of where and how often people fly, as well as quite intimate information about people’s shopping habits.

That’s where the rubber hits the road.

The whole point of loyalty programs, be it with an airline or a supermarket, is to harvest information about customers.

They want to know what you buy, when you buy it and why you buy it – and in exchange you get discounts.

If it’s that valuable to businesses, then it’s also valuable to criminals.

In a world where everything is now electronic and thus everything can be tracked, we can’t afford to be sloppy with protection.

To some degree it is our fault that we hand over so much information about ourselves to companies that can’t be bothered to protect it properly. But in many cases now, it’s unavoidable.

Short of packing your bags to Pennsylvania and getting around by horse and cart with the Amish, you don’t have much choice about being an entry in a valuable corporate spreadsheet.

And so the deal should be that if you want to collect information about us you must, without exception, store it somewhere impenetrable otherwise we’ll come down on you like a ton of bricks.

The privacy watchdog, the Australian Information Commissioner, started court action against Medibank last year after data, including the health claims of nearly 10 million current and former customers, were stolen by Russian hackers in 2022.

Under old laws that applied at the time of that hack, the maximum penalty for a data breach was $2.22m, which could theoretically mean a fine of $21.5 trillion if they were handed the maximum fine for each individual breach.

New laws passed at the end of 2022 increased that maximum to whichever is the highest of $50 million, three times the value of any benefit obtained through the misuse of information or 30 per cent of a company’s adjusted turnover at the time of the hack.

That’s enough to send almost any company in the country broke – as it should.

The Information Commissioner should read Qantas the riot act and show that it’s not afraid to pursue the heaviest possible penalties for not protecting our information.

It may finally scare corporate Australia into doing the right thing.

More Coverage

Major update after Qantas cyber hack

Alexandra Feiam

Qantas weighing data-breach compensation

Robyn Ironside

Caleb BondSkyNews.com.au columnist & co-host of The Late Debate

Caleb Bond is the Host of The Sunday Showdown, Sundays at 7.00pm and co-host of The Late Debate Monday – Thursday at 10.00pm as well as a SkyNews.com.au Contributor.Bond also writes a weekly opinion column for The Advertiser.

Caleb Bond