Curtis said forcing organizations to notify customers of a breach is a "strong market incentive" that will encourage organizations to adequately secure databases and increase customer trust.
The recommendation, which made no reference to formal penalties, is part of a 474-page submission Curtis has made to the Australian Law Reform Commission (ALRC), which is currently reviewing the Privacy Act.
Many of the submissions to the ALRC have called for a tougher regulatory climate as a result of a huge increase in high-profile data breaches in the past two years, which have made the Privacy Act outdated and almost redundant.
For example, the US Congress has introduced a data breach notification bill and more than 30 states have passed similar laws since 2005.
Australia has been slow to legally adopt similar measures, but the privacy review has revealed a strong push by industry for tougher data governance standards.