Call Us (800) 460-6424 ☰ ˟
Information and Resources On The COVID-19 Pandemic: Click Here
Logo
(800) 460-6424
  • Home
  • Get A Quote
    • Agents E&O Quick Application
    • Commercial Crime Application
    • Commercial Crime Quick Application
    • Cyber Liability Application
    • Director's & Officer's Application
    • Director's & Officer's Quick Application
    • Employment Practices Liability Application
    • MGA/Wholesaler Application
    • Real Estate Professional Liability
  • Policy Review
  • Insurance for Your Agency
    • Errors & Omissions
    • D & O Insurance
    • Cyber Liability Insurance
    • Commercial Crime
    • Employee Dishonesty
    • Professional Liability Insurance
    • Punitive Damages
  • Resources
    • Articles
    • Refer a Friend
    • Insurance Glossary
    • Contact Us
    • Financial Ratings
  • About Us
    • About U.S. E & O Brokers
    • View our Blog
    • Our Locations
    • Employee Directory
    • Customer Testimonials
    • Privacy Policy
  • Blogs
real estate button
cyber liability button
master policy programs button
Home > Blog > New Mexico’s Data Breach Law
FRIDAY, AUGUST 18, 2017

New Mexico’s Data Breach Law

Almost all U.S states have laws about data security and what to do when there’s a data breach. New Mexico recently added such a law for its state. Here is what’s in the New Mexico law.

Who The Law Applies To. The law applies to anyone who conducts business in New Mexico and who owns or licenses elements that include personal identifying information of a New Mexico resident. It also applies to anyone who receives, stores, maintains, licenses, processes or is permitted access to personal identifying information for someone else.

The New Mexico law defines personal information as an individual’s first name or first initial and last name in combination with any of the following if not protected through encryption, redaction or rendering it otherwise unreadable:

  1. Social security number; or
  2. Driver’s license or government-issued identification number; or
  3. Account number, credit card number, or debit card number, in combination with any required security code, access code or password that would permit access to the account; or
  4. Biometric data.

What The Law Requires. The trigger is when the data owner or service provider becomes aware of an incident of unauthorized acquisition of unencrypted data that compromises the security, confidentiality or integrity of personal identifying information. The data owner or service provider must conduct a prompt investigation to determine if there has been a breach. If there has been a breach, notification of affected residents is required. If more than 1,000 New Mexico residents must be notified, the person providing notification must also notify the New Mexico Attorney General and major consumer credit reporting agencies.

What is a Breach. The term “breach” under this law means unauthorized acquisition of unencrypted data that compromises the security, confidentiality or integrity of personal identifying information. It can also be of encrypted personal information, if the encryption key or security credential was acquired by the unauthorized person.

When and How To Notify. If a breach is confirmed, the data owner or service provider must notify the individual “in the most expedient time possible” and no later than 45 days. Notice by regular mail is permitted. Notice by email is permitted if that is the primary method of communicating with the resident.

The notification must include, at a minimum, the following:

  1. The name and contact information of the notifying person;
  2. A list of the types of personal identifying information that are reasonably believed to have been the subject of the breach;
  3. The date of the breach, the estimated date of the breach or date range within which the breach occurred, if known;
  4. A general description of the breach incident;
  5. Toll-free phone numbers and addresses of the major credit reporting agencies;
  6. Advice that directs the recipient to review personal account statements and credit reports to detect errors resulting from the breach; and
  7. Advice that informs the recipient of the notification of the recipient’s rights pursuant to the federal Fair Credit Reporting Act.

Substitute notice may be permitted if more than 50,000 residents need to be notified, if the notice would exceed more than $100,000, or if there is not sufficient contact information for the residents that need to be notified. Substitute notice includes the following: (a) email; (b) posting of notice on company’s website; and (c) notification of major media outlets in New Mexico and of the New Mexico Attorney General.

What if Law Enforcement is Involved. The law provides that notification “may be delayed” if a law enforcement agency determines that notification will impede a criminal investigation, or as necessary to determine the scope of the breach and restore the integrity, security and confidentiality of the data system. Close cooperation to protect the interests of the business is well advised.

What are the Law’s Penalties. Only the New Mexico Attorney General has the power to enforce the law. There is no private right of action. Penalties for failing to comply are damages for actual costs or losses, including financial losses, and an injunction. If the court finds a knowing or reckless violation, the court may impose a penalty of $25,000. The court may also impose a penalty of $10 per instance of failed notification, up to a maximum of $150,000.

The law has been in effect since June 16, 2017. In the event of a breach, a business should act immediately to secure its system, send notifications, and protect itself and its customers. It also may be appropriate to have a data breach response plan in place to prepare, and to test such a plan before a breach arises.

(Source:jdsupra.com)

Posted 6:30 PM

Share |


No Comments


Post a Comment
Required
Required (Not Displayed)
Required


All comments are moderated and stripped of HTML.

NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2023
  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014

  • cyber liability insurance(30)
  • errors and omissions insurance(16)
  • e and o insurance(14)
  • business insurance(9)
  • directors and officers insurance(9)
  • d and o insurance(8)
  • eando insurance(7)
  • errors and omissions(7)
  • e&o insurance(6)
  • insurance(4)
  • coverage(4)
  • cyber insurance(3)
  • insurance agencies(3)
  • directors & officers insurance(3)
  • professional liability insurance(3)
  • directors and officer's insurance(2)
  • claims(2)
  • commercial crime insurance(2)
  • officers(2)
  • data breach(2)
  • small business owners(2)
  • small business insurance(2)
  • cyber liability(2)
  • omissions(2)
  • directors(2)
  • e & o(2)
  • tips to avoid scams(2)
  • errors(2)
  • policy(2)
  • covid-19(1)
  • ransomware(1)
  • phishing scams(1)
  • billing errors insurance(1)
  • dando insurance for insurance agencies(1)
  • fraud week(1)
  • crime coverage(1)
  • e and o(1)
  • cyber attacks(1)
  • eando insurance for insurance agencies(1)
  • storm surges(1)
  • finance(1)
  • cyber damage(1)
  • directors and officers insurance for the insurance industry(1)
  • social media(1)
  • white collar crime(1)
  • renewal(1)
  • insurance fraud(1)
  • commercial crime policy(1)
  • fraud(1)
  • fraud resources(1)

View Mobile Version

Featured Products

Featured Product Real Estate Featured Product Lawyers Featured Product Cyber Liability Featured Product Commercial Crime
Carrier
Carrier
Carrier
Carrier
Carrier
Carrier
Carrier
Logo
Social
Quick Links Home About Us Refer A Friend Contact Us
Location Corporate Headquarters
2050 W. Sam Houston Pkwy S Ste 1500, Houston, TX 77042
Contact O: 281-243-5755O: 713-984-1370F: 713-984-1152
© Copyright. All rights reserved. Powered by Insurance Website Builder