Stewart Baker writes:
… So, how much incentive for better security comes from the threat of data breach liability? Some, but not much. As I’ve been saying for a while, the actual damages from data breaches are pretty modest in dollar terms, and the pattern of losses makes it very hard to sustain a single class, something that forces up the cost of litigation for the plaintiffs.
You can see this pattern in recent data breach settlements.
Read more on WaPo The Volokh Conspiracy.