|i'm no lawyer, but i think proving one person is responsible for a data breach in a court of law is a challenge. and probably not worth the legal fees you'd incur.|
i recommend flight over fight: close that email account and start another, and continue to protect your virtual identity as best you can.
how did the IT manager gain access to your personal account? you're thinking some brute force password cracking hack? or is there a chance that you emailed the password to your work email at some point, or something?
do you use the same password for everything? This is not a best practice - you don't want the guy who hacked your facebook account to have access to your bank account.... Do you keep a text document with all your passwords in it on a computer? There's a guy here at work who uses Outlook Contacts to store his passwords... Do your passwords use at least 7 characters, capital and lower-case letters, numbers, and special characters? for example, "strongpass" is much weaker than "sTr0ngp4S$" but almost as easy to remember.