June 11, 2017

June 09, 2017

Subscribe to Latest Legal News and Analysis

New Mexico's New Data Breach Notification Laws

New Mexico has followed other U.S. states in enacting data breach notification laws coming into effect on 16 June 2017. The statute will only apply to computerised data, which is narrower in scope compared to Australian laws that also apply to physical records.

The key provisions from the new data breach laws include:

  • Companies must notify New Mexico residents, the Attorney General and Consumer Reporting Agencies as appropriate within 45 days of discovery of data breaches that pose “a significant risk of identity theft or fraud”;
  • Companies that disclose Personal Identifying Information to third party vendors must contractually require the vendors to implement and maintain reasonable security procedures; and
  • Civil penalties of $10 per instance of failed notification up to a maximum of $150,000.

There are concerns that this adds another layer of complexity for companies trying to remain compliant, as they will now have to comply with data breach notification laws of 48 states and 3 territories. We think that there may be a big push for a unified federal law on this issue in the near future.

This article was written with contributions from Edwin Tam.

Copyright 2017 K & L Gates


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...