Legal Insights

< back to search results

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates


An active spring state legislative session has already produced a few new state data breach laws.

Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and Alabama.

Unlike most state data breach laws, New Mexico includes "biometric data" in its list of "personal identifying information" that triggers breach notice.[1] If a court determines that a person covered under the bill violated the statute knowingly or recklessly, the court can penalize the person the greater of either $25,000 or, in the case of failed notification, $10 per instance of failed notification, up to a maximum of $150,000.