New Mexico may become the 47th state with a breach notification law as a newly introduced bill is headed to the House.
The Data Breach Notification Act (H.B. 224) would allow for individuals affected by a breach to be notified by organizations within 10 days of discovering the incident, should the information compromised include unencrypted credit card data. If the security incident involves more than 50 New Mexico residents, the state attorney general will be alerted within 10 business days.
Additionally, card carriers will be able to sue for both recovery costs associated to the data breach and for statutory damages.
New Mexico is currently one of four states – Alabama, Kentucky and South Dakota are the others – to not have a data breach notification law. Recent retailer breaches have brought the discussion regarding a potential federal breach notification law back to the forefront.