Jennifer A. Chandler of the University of Ottawa Faculty of Law has authored "Negligence Liability for Breaches of Data Security," forthcoming in the Banking and Finance Law Review. Here's the abstract:
Due to the concern over identity fraud, data security issues are now attracting growing attention from legislators, legal scholars, and an increasing number of litigants. This article addresses the possibility of using liability in negligence as a means to deter unreasonably careless data security practices as well as to offer compensation to those harmed by data security breaches. Part I of the article discusses the need for civil liability in order to deter careless data security practices. Part II reviews U.S. cases involving negligence liability for breaches of data security, identifying the key problems facing plaintiffs. Part III addresses additional legal problems that may face plaintiffs in the Canadian context, and Part IV draws on case law and regulatory decisions to suggest some conclusions about what are "reasonable" security measures.
You can download the article at http://ssrn.com/abstract=998305.