Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance

Can I use third-party customer service tools that collect personal information in New Mexico? What are the requirements?

October 18, 2023

Using Third-Party Customer Service Tools that Collect Personal Information in New Mexico

If you use third-party customer service tools that collect personal information in New Mexico, you must ensure that the service provider implements and maintains reasonable security procedures and practices appropriate to the nature of the personal identifying information and to protect it from unauthorized access, destruction, use, modification, or disclosure ^[1.1]^[1.3]. Additionally, you must arrange for proper disposal of the records containing personal identifying information when they are no longer reasonably needed for business purposes ^[1.2].

If you receive nonpublic personal financial information from a nonaffiliated financial or other institution, you may disclose the information to your affiliates or use it pursuant to an exception in 13.1.3.18 NMAC or 13.1.3.19 NMAC, in the ordinary course of business to carry out the activity covered by the exception under which you received the information. However, you may not disclose that information to a third party for marketing purposes or use that information for your own marketing purposes ^[3.1].

If you receive nonpublic personal information from an individual, you must obtain a valid authorization in written or electronic form separate from that used for any other purpose. The authorization must contain the identity of the consumer or customer who is the subject of the nonpublic personal information, a specific description of the types of nonpublic personal information to be disclosed, specific descriptions of the parties to whom the licensee discloses nonpublic personal information, the purpose of the disclosure and how the information will be used, the signature of the consumer or customer who is the subject of the nonpublic personal information or the individual who is legally empowered to grant authority and the date signed, and notice of the length of time for which the authorization is valid and that the consumer or customer may revoke the authorization at any time and the procedure for making a revocation. The authorization for the purposes of this rule shall specify a length of time for which the authorization shall remain valid, which in no event shall be for more than twenty-four (24) months. A consumer or customer who is the subject of nonpublic personal information may revoke an authorization provided pursuant to this rule at any time, subject to the rights of an individual who acted in reliance on the authorization prior to notice of the revocation. A licensee shall retain the authorization or a copy thereof in the record of the individual who is the subject of nonpublic personal information ^[3.2].

Additional Context

The additional context documents do not provide any relevant information to answer the query.

Therefore, if you use third-party customer service tools that collect personal information in New Mexico, you must ensure that the service provider implements and maintains reasonable security procedures and practices appropriate to the nature of the personal identifying information and to protect it from unauthorized access, destruction, use, modification, or disclosure. You must also arrange for proper disposal of the records containing personal identifying information when they are no longer reasonably needed for business purposes. Additionally, you may disclose nonpublic personal financial information to your affiliates or use it pursuant to an exception in 13.1.3.18 NMAC or 13.1.3.19 NMAC, in the ordinary course of business to carry out the activity covered by the exception under which you received the information. However, you may not disclose that information to a third party for marketing purposes or use that information for your own marketing purposes. Finally, you must obtain a valid authorization in written or electronic form separate from that used for any other purpose if you receive nonpublic personal information from an individual.

Source(s):

Jurisdiction

New Mexico

Privacy