New Mexico
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Within 45 days
FINES & PENALTIES – Violations
$25,000 – $150,000
Regulation Levels
-
Breach Reporting
-
Consumer Notification
-
Vendor Management
-
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting
Required
Vendor Obligations
Required
Consumer Notification
Required
Vendor Contracts
Required
Vendor Notification
Required
Privacy Program
Required
QUICK FACTS
New Mexico Privacy Law Information
Organizations must contract with Vendors to whom the Organization discloses personal information.
For breaches involving more than 1,000 New Mexico residents, reporting must be made within 45 days to the Attorney General and major consumer reporting agencies.
There are specifically defined requirements for consumer notification. If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
A vendor discovering a breach or suspected breach must notify the data owner no later than 45 days after discovery. The data owner is responsible for reporting to the regulator and consumer notification. Vendors have a contractual obligation to have procedures and practices in place for the security and protection of personal information from unauthorized access, destruction, use, modification or disclosure.
Organizations may be fined or penalized for Vendor violations. The Attorney General may bring an action on the behalf of individuals and in the name of the state alleging a violation; an injunction may be issued and/or damages awarded for actual costs or losses, including consequential financial losses.
New Mexico Statutes and Laws
Health and hospital records
Health information system act
Privacy protection act
Data breach notification act
Service provider use of personal identifying information; implementation of security measures for PI
Attorney general enforcement; civil penalty
Notification of security breach
Insurance division, superintendent authorized and directed to promulgate privacy rules
DISCLAIMER
The information provided is not legal guidance or recommendations and are for informational purposes only.