The settlement, which also includes a $5 million payment by ChoicePoint to help victims of the data theft, was the first in which the FTC has fined a company in connection with a security breach. Corporate security managers and several lawyers who specialize in security-related legal matters are viewing the stiff fine as an indication of the increasingly tough stance that the government is taking against businesses that fail to adequately protect sensitive customer information.

And it isn't just companies that suffer actual data breaches that need to be concerned, they warned -- businesses unable to demonstrate due diligence on their information security practices could also find themselves being targeted by the FTC.

The financial penalties levied against ChoicePoint were "pretty severe" and should send a sobering message to corporate America, said the director of information security at a specialty retail chain based in California.

The security director, who asked not to be identified, said that "$15 million is not a lot of money for ChoicePoint, but it is far larger than any other fine we have seen so far, and people are calling for still-tougher penalties." The FTC's action drives home the point that Congress and federal officials are waking up to data protection issues, he added.

"There has been a definite change in the FTC's handling and analysis of security breaches," said Christopher Pierson, an attorney at Lewis and Roca LLP in Phoenix. "It appears that the FTC is not going to wait for federal [data security] legislation to come down the pipe and is instead going to take action using existing laws."