FTC targeting companies who do not demonstrate "due diligence"... well, it's about time...

JANUARY 30, 2006 Computerworld - The Federal Trade Commission last week imposed a $10 million fine—the largest civil penalty ever levied by the agency—on ChoicePoint Inc. for the highly publicized security breach that the data aggregator disclosed last year.

The settlement, which also includes a $5 million payment by ChoicePoint to help victims of the data theft, was the first in which the FTC has fined a company in connection with a security breach. Corporate security managers and several lawyers who specialize in security-related legal matters are viewing the stiff fine as an indication of the increasingly tough stance that the government is taking against businesses that fail to adequately protect sensitive customer information.

And it isn't just companies that suffer actual data breaches that need to be concerned, they warned—businesses unable to demonstrate due diligence on their information security practices could also find themselves being targeted by the FTC.

The financial penalties levied against ChoicePoint were "pretty severe" and should send a sobering message to corporate America, said the director of information security at a specialty retail chain based in California.
Unfortunately, $15 Mill doesn't quite cut it????

The security director, who asked not to be identified, said that "$15 million is not a lot of money for ChoicePoint, but it is far larger than any other fine we have seen so far, and people are calling for still-tougher penalties." The FTC's action drives home the point that Congress and federal officials are waking up to data protection issues, he added.