New Mexico's House of Representatives passed a data breach bill on Wednesday night by a unanimous vote, according to the Grant County Beat.
Bill 15, known as the Data Breach Notification Act, was sponsored by Rep. Bill Rehm (R-Bernalillo). It will require service providers to put in place reasonable procedures to safeguard personally identifying information (PII) of its customers. As well, the legislation would mandate that providers alert consumers whose PII may have been affected by an incursion. Should more than a thousand accounts be exposed, providers would be required to notify the Attorney General's Office and consumer reporting agencies no later than 45 days subsequent to the discovery of a breach.
"New Mexico is one of three states that do not have a data breach notification law," said Rep. Rehm. "Our laws have not kept up with the pace of technology. This bill will remedy a gap in our existing consumer protections and put us on par with other states."
The bill now moves on to the state's Senate for ratification. In March 2015, a similar bill – also sponsored by Rehm – stalled when the Senate Judiciary Committee twice voted to not pass along the proposed legislation to the Senate floor.
Alabama and South Dakota are the remaining two states without a law requiring consumer notification following a security breach involving PII.