With data breaches increasing, states continue to push for consumer notification requirements. Last week, New Mexico passed the Data Breach Notification Act, which New Mexico credit unions urged for four years.
Paul Stull, president/CEO of Credit Union Association of New Mexico, said New Mexicans are safer with the passage of the Data Breach Notification Act. He added for too long, New Mexico consumers served identity theft and fraud targets because there was no alert system in place following a compromise.
“New Mexico Credit Unions fought for this protection for four years and, thanks in large part to our partnership with Leverage Point and the support from NM citizens and CU members, the 40-0 passage is a strong warning to fraudsters that New Mexico is now on alert.” Somerville, Mass-based LeveragePoint offers a software-as-a-service solution.
New Mexico House Bill 15, called the Data Breach Notification Act, requires any entity that gathers and stores personal information, to warn people of a compromise. A business would have 30 days to alert consumers of a potential breach if the business believes there is a serious risk of identity theft or fraud as a result. If the business doesn’t comply with the law, it could be fined up to $150,000.
New Mexico state representative Bill Rehm, R-Albuquerque, the bill’s sponsoring said, “New Mexico is one of two states, Arkansas is the other, that do not have a data breach bill.”
So far it falls back to individual states to protect consumers. “There is no federal law for data breach. If we remember, Target had a lot of information stolen. This would just mean that if you lose data such as that, you will work with the attorney general and notify New Mexico customers that their information has been lost.”
A New York state regulation, which took effect March 1, requires financial institutions to provide minimum cybersecurity standards and report breaches to regulators in an effort to limit consumer losses.
As of March 21, the total number of reported breaches now totals 353, a 56.2% increase over last year’s record pace for the same time period (226) captured, according to the 2017 ITRC Breach Report, from Scottsdale, Ariz.-based CyberScout and San Diego-based Identity Theft Resource Center. The breaches include more than 1.3 million records exposed.
