New Mexico is a gubernatorial signature away from becoming the nation's 48th state to pass a data breach notification law, according to a post on the website of global law firm Morgan Lewis.
The legislation passed unopposed through the state's House on Feb. 15 and Senate on March 15 and now awaits Governor Susana Martinez to sign it into law. She has until April 7, otherwise it will be pocket vetoed.
If she signs the bill, New Mexico would become the 48th state – along with four U.S. jurisdictions: the District of Columbia, Guam, Puerto Rico, and the Virgin Islands – to adopt some form of data breach notification law, requiring that an entity notify residents should there be an unauthorized access to their systems or a compromise of personally identifiable information.
The various state laws, while similar in intent, are each unique, "creating a complicated and oftentimes contradictory system," the Morgan Lewis report stated. Though there have been several attempts in Congress at an overarching federal law, each has been stopped in committee, so companies with business in multiple states must contend with complying with all of the jurisdictions.
Alabama and South Dakota still do not have any similar legislation in place.