If PSN user data is stored in the UK, then it is subject to the Data Protection Act, which requires companies that hold personal data to provide adequate security for it. Notably, the law would trump Sony's PSN Terms and Conditions, which includes the line: "We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network."
"If we found a breach," an ICO rep told Edge, "one of the actions we could take would be to issue an undertaking, which is an agreement between the ICO and the company that if they are handling personal information they have to bring about set improvements in order for them to be compliant with the act." If the company fails to comply, the rep added, "further action would be taken, and we might consider an enforcement notice or issue a monetary penalty." For a serious breach, the fine can reach £500,000 (more than $800,000).
Admittedly, that wouldn't be a huge payout for Sony, but considering the other costs of the security breach and PSN outage the company stands to incur, it would probably sting a little.