CU-backed breach notification bill passes N.M. legislature

March 16, 2017

The New Mexico state legislature passed a credit union-supported data breach notification bill Wednesday night. The Data Breach Notification Act passed unanimously.

“Last night, all New Mexicans became safer with the passage of the Data Breach Notification Act. For too long, New Mexico has been a target for identity theft and fraud because we have not previously had any method to alert consumers when their personal information has been compromised,” said Paul Stull, president/CEO of the Credit Union Association of New Mexico. “New Mexico credit unions have fought for this protection for four years and, thanks in large part to our partnership with Leverage Point and the support from New Mexico citizens and credit union members, the 40-0 passage is a strong warning to fraudsters that New Mexico is now on alert."

Specifically, the bill requires retailers and any other entity that gathers and stores personal information to notify affected parties within 30 days if the entity believes there is a serious risk of identity theft or fraud.

Businesses that do not comply could be fined up to $150,000.

New Mexico is one of three states without a data breach notification law. The other two are Alabama and South Dakota.

CUNA supports a strong national data security standard, as well as cybersecurity standards that match the ones faced by financial institutions under the Gramm-Leach-Bliley Act for retailers and other entities that handle sensitive information.