An interesting paper looking at the risks, risk management, and legal economics of breaches of privacy. Much of the material is fairly standard, but it also looks at different types of controls (such as preventative and recovery) in regard to data breaches, disclosure laws, and standards such as PCI DSS. Valuation of assets is also a factor.
(Free download, as of this posting.)