Feb. 11 — A New Mexico data breach notification bill (H.B. 217) moving in the Legislature would make the state the 48th to enact a law requiring that companies notify individuals affected by a breach of personal information.
The New Mexico House Business and Employment Committee Feb. 5 unanimously approved a substitute amendment for H.B. 217. The measure is scheduled for consideration by the House Judiciary Committee Feb. 13.
The move comes as the Obama administration is pushing for federal legislation to set a national breach notice standard to preempt state breach laws.
Congress may be receptive to passing a breach notice law in the wake of recent large-scale breaches at Anthem Inc. and Sony Pictures Entertainment Inc.
If the proposed New Mexico Data Breach Notification Act, which was introduced Jan. 28 by Rep. William R. Rehm (R), is adopted, Alabama and South Dakota would be the only states left without a breach notice statute.
The New Mexico bill would require companies and government agencies to notify New Mexico residents when there is “unauthorized acquisition of computerized data that compromises the security, confidentiality or integrity of personal identifying information.” Under the proposed law, notification must take place within 45 days after discovery of the breach.
If the breach involves payment card numbers, covered entities would be required to notify merchants that processed the data within 10 business days of discovering the breach.
If more than 1,000 individuals were required to be notified as the result of a single breach incident, covered entities would also have to notify the state office of the attorney general of the breach.
The bill would require covered entities to employ “reasonable” data security measures and to dispose of stored personal information as soon as possible after it is no longer needed for business purposes in a manner that makes the data “unreadable or undecipherable.”
H.B. 217 would authorize the state attorney general to bring suit to seek injunctive relief and actual damages for violations of the proposed law. If a court held that the breach law was violated “knowingly or recklessly,” it would be authorized to award a civil penalty of the greater of $5,000, or in the case of a failure by a covered entity to provide notice, $10 per instance of failed notification up to a maximum of $150,000 per breach incident.
The committee substitute stripped a provision from the bill as filed that would have allowed payment card issuing banks to sue merchants that improperly retained card data for the costs of replacing cards and card readers, closing and reopening user accounts, reimbursing card holders for unauthorized charges and notifying affected individuals.
There is still a chance that lawmakers in Alabama may see a breach notice bill in the 2015 legislative session, but no legislation will be considered in South Dakota in 2015.
As of Feb. 11 no breach notice legislation has been introduced in Alabama, but there is no deadline for filing bills. The Legislature is slated to adjourn in June.
Meanwhile in South Dakota, the Feb. 4 deadline for introduction of legislation has passed without a breach notification measure being filed.
The Business and Employment Committee substitute for H.B. 217 is available at http://www.nmlegis.gov/Sessions/15%20Regular/bills/house/HB0217BES.pdf.