Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

New Mexico
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Within 45 days

FINES & PENALTIES – Violations
$25,000 – $150,000

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

New Mexico Privacy Law Information

PRIVACY PROGRAM

Organizations must contract with Vendors to whom the Organization discloses personal information.

BREACH REPORTING

For breaches involving more than 1,000 New Mexico residents, reporting must be made within 45 days to the Attorney General and major consumer reporting agencies.

CONSUMER NOTIFICATION

There are specifically defined requirements for consumer notification. If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

A vendor discovering a breach or suspected breach must notify the data owner no later than 45 days after discovery. The data owner is responsible for reporting to the regulator and consumer notification. Vendors have a contractual obligation to have procedures and practices in place for the security and protection of personal information from unauthorized access, destruction, use, modification or disclosure.

FINES & PENALTIES

Organizations may be fined or penalized for Vendor violations. The Attorney General may bring an action on the behalf of individuals and in the name of the state alleging a violation; an injunction may be issued and/or damages awarded for actual costs or losses, including consequential financial losses.

New Mexico Statutes and Laws

N.M. STAT. §§ 14-6-1 – 14-6-3

Health and hospital records

N.M. STAT. §§ 24-14A-1 – 24-14A-10

Health information system act

N.M. STAT. §§ 57-12B-1 – 57-12B-4

Privacy protection act

N.M. STAT. §§ 57-12C-1 – 57-12C-12

Data breach notification act

N.M. STAT. § 57-12C-5

Service provider use of personal identifying information; implementation of security measures for PI

N.M. STAT. § 57-12C-11

Attorney general enforcement; civil penalty

N.M. STAT. § 57-12C-6(C)

Notification of security breach

N.M. STAT. § 59A-2-9.3

Insurance division, superintendent authorized and directed to promulgate privacy rules

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.