Notification required pursuant to Subsection A of Section 6 [57-12C-6 NMSA 1978] of the Data Breach Notification Act shall contain:
A. the name and contact information of the notifying person;
B. a list of the types of personal identifying information that are reasonably believed to have been the subject of a security breach, if known;
C. the date of the security breach, the estimated date of the breach or the range of dates within which the security breach occurred, if known;
D. a general description of the security breach incident;
E. the toll-free telephone numbers and addresses of the major consumer reporting agencies;
F. advice that directs the recipient to review personal account statements and credit reports, as applicable, to detect errors resulting from the security breach; and
G. advice that informs the recipient of the notification of the recipient's rights pursuant to the federal Fair Credit Reporting.
History: Laws 2017, ch. 36, § 7.
Cross references. — For the federal Fair Credit Reporting Act, see 15 U.S.C. § 1681 et seq.
Effective dates. — Laws 2017, ch. 36 contained no effective date provision, but, pursuant to N.M. Const., art. IV, § 23, was effective June 16, 2017, 90 days after the adjournment of the legislature.
Structure New Mexico Statutes
Chapter 57 - Trade Practices and Regulations
Article 12C - Data Breach Notification
Section 57-12C-1 - Short title.
Section 57-12C-2 - Definitions.
Section 57-12C-3 - Disposal of personal identifying information.
Section 57-12C-4 - Security measures for storage of personal identifying information.
Section 57-12C-6 - Notification of security breach.
Section 57-12C-7 - Notification; required content.
Section 57-12C-8 - Exemptions.
Section 57-12C-9 - Delayed notification.
Section 57-12C-10 - Notification to attorney general and credit reporting agencies.
Section 57-12C-11 - Attorney general enforcement; civil penalty.
Section 57-12C-12 - State of New Mexico and political subdivisions exempted.