This act [57-12C-1 to 57-12C-12 NMSA 1978] may be cited as the “Data Breach Notification Act”. History: Laws 2017, ch. 36, § 1. ANNOTATIONS Effective dates. — Laws 2017, ch. 36 contained no effective date provision, but, pursuant to N.M. Const., art. IV, § 23, was effective June 16, 2017, 90 days after the adjournment […]
A person that is required to issue notification of a security breach pursuant to the Data Breach Notification Act to more than one thousand New Mexico residents as a result of a single security breach shall notify the office of the attorney general and major consumer reporting agencies that compile and maintain files on consumers […]
A. When the attorney general has a reasonable belief that a violation of the Data Breach Notification Act has occurred, the attorney general may bring an action on the behalf of individuals and in the name of the state alleging a violation of that act. B. In any action filed by the attorney general pursuant […]
Nothing in the Data Breach Notification Act shall be interpreted to apply to the state of New Mexico or any of its political subdivisions. History: Laws 2017, ch. 36, § 12. ANNOTATIONS Effective dates. — Laws 2017, ch. 36 contained no effective date provision, but, pursuant to N.M. Const., art. IV, § 23, was effective […]
As used in the Data Breach Notification Act: A. “biometric data” means a record generated by automatic measurements of an identified individual’s fingerprints, voice print, iris or retina patterns, facial characteristics or hand geometry that is used to uniquely and durably authenticate an individual’s identity when the individual accesses a physical location, device, system or […]
A person that owns or licenses records containing personal identifying information of a New Mexico resident shall arrange for proper disposal of the records when they are no longer reasonably needed for business purposes. As used in this section, “proper disposal” means shredding, erasing or otherwise modifying the personal identifying information contained in the records […]
A person that owns or licenses personal identifying information of a New Mexico resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal identifying information from unauthorized access, destruction, use, modification or disclosure. History: Laws 2017, ch. 36, § 4. ANNOTATIONS Effective dates. — […]
A person that discloses personal identifying information of a New Mexico resident pursuant to a contract with a service provider shall require by contract that the service provider implement and maintain reasonable security procedures and practices appropriate to the nature of the personal identifying information and to protect it from unauthorized access, destruction, use, modification […]
A. Except as provided in Subsection C of this section, a person that owns or licenses elements that include personal identifying information of a New Mexico resident shall provide notification to each New Mexico resident whose personal identifying information is reasonably believed to have been subject to a security breach. Notification shall be made in […]
Notification required pursuant to Subsection A of Section 6 [57-12C-6 NMSA 1978] of the Data Breach Notification Act shall contain: A. the name and contact information of the notifying person; B. a list of the types of personal identifying information that are reasonably believed to have been the subject of a security breach, if known; […]
The provisions of the Data Breach Notification Act shall not apply to a person subject to the federal Gramm-Leach-Bliley Act or the federal Health Insurance Portability and Accountability Act of 1996. History: Laws 2017, ch. 36, § 8. ANNOTATIONS Cross references. — For the federal Gramm-Leach-Bliley Act, see 15 U.S.C. §§ 6801-6810. For the federal […]
The notification required by the Data Breach Notification Act may be delayed: A. if a law enforcement agency determines that the notification will impede a criminal investigation; or B. as necessary to determine the scope of the security breach and restore the integrity, security and confidentiality of the data system. History: Laws 2017, ch. 36, […]