Since the passing of Data Breach Notification laws in the U.S. there has been an explosion of data breach related litigation. Most of the actions are brought as class action suits (because the amounts sought per head is small but the groups are often very large). Although most of the cases to date have been unsuccessful - there are some indicators that U.S. courts are moving towards recongising the right to recover credit monitoring costs (at least in some limited circumstances). This trend, together with the likelihood that these caes will be settled with some sort of agreed settlement payment to the plaintiffs, makes the U.S. experience of interest in Australia.
Although we have yet to see a major case brought in an Australian court to recover damages in negligence for failing to properly secure data, it is important to be aware of what is happening in the U.S. particularly as it can provide guidance on how best to mitigate potential losses and reduce the likelihood of successful claims.