Ask Reggi Your Question Now
Can you summarize Article 12C, Chapter 57 NMSA?
Trade Practices and Regulations > Data Breach Notification
Short Summary
The legal document pertains to the Data Breach Notification Act in New Mexico. It requires persons who own or license personal identifying information of a New Mexico resident to implement and maintain reasonable security procedures and practices to protect the information from unauthorized access, destruction, use, modification, or disclosure. The document outlines the notification requirements for security breaches, including the timeframe for notification and the information that must be included in the notification. It also allows for delayed notification in certain circumstances. The attorney general has the authority to enforce the Act and may bring actions on behalf of individuals and the state. The court has the power to issue injunctions, award damages, and impose civil penalties for violations of the Act. The document also addresses the requirements for proper disposal of records containing personal identifying information and the obligations of service providers to implement security procedures. It specifies that the Act does not apply to persons subject to certain federal acts. Overall, the document aims to protect the personal identifying information of New Mexico residents and ensure timely notification in the event of a security breach.
Whom does it apply to?
The document applies to persons who own or license personal identifying information of a New Mexico resident, as well as persons licensed to maintain or possess computerized data containing personal identifying information of a New Mexico resident.
What does it govern?
The legal document governs the notification requirements for a person who is required to issue notification of a security breach to more than one thousand New Mexico residents. It also governs the enforcement of the Data Breach Notification Act by the attorney general.
What are exemptions?
The provisions of the Data Breach Notification Act do not apply to a person subject to the federal Gramm-Leach-Bliley Act or the federal Health Insurance Portability and Accountability Act of 1996.
What are the Penalties?
If a person is found to have knowingly or recklessly violated the Data Breach Notification Act, the court may impose a civil penalty of either $25,000 or $10.00 per instance of failed notification, up to a maximum of $150,000.
Jurisdiction
New Mexico