ALBUQUERQUE, N.M. (1/21/15)--The Credit Union Association of New Mexico is supporting expected legislation that would require notification by merchants of security breaches involving personal identifying information.
Under the legislation, if more than 1,000 state residents are affected by a data breach, the merchant would be required to notify the New Mexico Attorney General's Office and the major credit reporting agencies within 14 days.
"This bill doesn't inoculate consumers against (data breaches)," Stull said (Albuquerque Journal Jan. 19), "But it gives them a fair chance to be alert to protect themselves."
The bill also requires secure storage and disposal of data containing personal identifying information, and it would give the attorney general the authority to pursue legal action against those who fail to report breaches.
While the number of data breaches hit a record 783 in 2014, according to the Identity Theft Resource Center, only eight were reported in New Mexico, Stull noted.
When data breaches occur, financial institutions are left paying the bill when fraudulent activity takes place, rather than the merchants where the breaches occur.
As member-owned nonprofits, credit unions cover the costs of fraudulent activity, which means "losses are passed on to our member-owners," he told the Journal.
The Credit Union National Association continues to press members of Congress to craft legislation that would require merchants to meet the same security standards as those imposed upon financial institutions.
Currently, New Mexico is one of three states that does not have a law requiring consumer notification of security breaches. A similar bill passed the House unanimously last year but it failed to get through the Senate before the end of the 30-day session.