Can I use customer data for marketing purposes without violating privacy laws in New Mexico? What are the requirements?

Using Customer Data for Marketing Purposes in New Mexico

Based on the documents provided, businesses cannot use customer data for marketing purposes without violating privacy laws in New Mexico. The Privacy Protection Act (PPA) ^[4.1] prohibits businesses from using personal identifying information (PII) of New Mexico residents for marketing purposes without their consent. PII includes social security numbers, driver’s license numbers, and financial account numbers.

To use PII for marketing purposes, businesses must obtain the consumer’s consent and disclose the specific purposes for which the information will be used ^[4.1]. Additionally, businesses must implement and maintain reasonable security procedures and practices appropriate to the nature of the PII to protect it from unauthorized access, destruction, use, modification, or disclosure ^[1.2][1.5].

If a business experiences a security breach that involves PII, they must provide notification to each affected New Mexico resident in the most expedient time possible, but not later than 45 calendar days following discovery of the security breach ^[1.4][1.6].

Furthermore, businesses must arrange for proper disposal of the records containing personal identifying information of a New Mexico resident when they are no longer reasonably needed for business purposes ^[1.3].

In summary, to use customer data for marketing purposes, businesses must obtain consent, disclose the specific purposes for which the information will be used, implement reasonable security procedures and practices to protect the PII, and arrange for proper disposal of the records containing PII.

However, it is important to note that the New Mexico Insurance Code does not apply to the marketing, issuance, sale, offering for sale, making, proposing to make, and administration of service contracts ^[2.1].

Therefore, businesses must ensure that they comply with all relevant laws and regulations when using customer data for marketing purposes in New Mexico.

Requirements for Using Customer Data for Marketing Purposes in New Mexico

To use customer data for marketing purposes in New Mexico, businesses must comply with the following requirements:

• Obtain the consumer’s consent and disclose the specific purposes for which the information will be used ^[4.1].
• Implement and maintain reasonable security procedures and practices appropriate to the nature of the PII to protect it from unauthorized access, destruction, use, modification, or disclosure ^[1.2][1.5].
• Arrange for proper disposal of the records containing personal identifying information of a New Mexico resident when they are no longer reasonably needed for business purposes ^[1.3].
• Provide notification to each affected New Mexico resident in the most expedient time possible, but not later than 45 calendar days following discovery of the security breach, if a business experiences a security breach that involves PII ^[1.4][1.6].

It is important to note that the New Mexico Insurance Code does not apply to the marketing, issuance, sale, offering for sale, making, proposing to make, and administration of service contracts ^[2.1].

Therefore, businesses must ensure that they comply with all relevant laws and regulations when using customer data for marketing purposes in New Mexico.

Source(s):

• [2.1] Transactions not subject to New Mexico Insurance Code; exceptions.
• [1.2] Service provider use of personal identifying information; implementation of security measures.
• [4.1] Definitions.
• [1.3] Disposal of personal identifying information.
• [1.4] Notification of security breach.
• [1.5] Security measures for storage of personal identifying information.
• [1.6] Notification to attorney general and credit reporting agencies.

Jurisdiction

New Mexico

• General