ChoicePoint was investigated by the Federal Trade Commission after it admitted to more than 100,000 US consumers that their personal information, including social security numbers, may have been obtained by fraudsters.
In settling with the FTC, ChoicePoint admitted no wrongdoing. As well as paying the fine, the company is required to strengthen its procedures for screening people who buy data from it.
The company sells data to more than 50,000 businesses, and investigations revealed that nearly 50 of its accounts were not legitimate businesses.
It is also required to implement an information security programme, which will be audited independently every two years over the next 20 years.
The $15m fine consists of $10m for civil penalties and $5m for consumer redress.
ChoicePoint issued a statement saying that it has implemented almost all of the changes. Derek V Smith, ChoicePoint chairman and CEO, said: "I firmly believe that the changes we've implemented in the past year were not only the right thing for this company to do but are equally important for the entire industry to consider."
Jerry Casale, senior vice-president for government affairs at the US Direct Marketing Association, of which ChoicePoint is a member, said: "There are many legitimate uses for information that are critical to maintaining America's economy and preserving value, safety, convenience and choice for consumers. We have to strike a delicate balance that allows the appropriate collection and sharing of data while preventing unauthorised or indiscriminate access to data that can be used by identity thieves."
If you have an opinion on this or any other issue raised on Brand Republic, join the debate in the .