Notification required pursuant to Subsection A of Section 6 [57-12C-6 NMSA 1978] of the Data Breach Notification Act shall contain:
A. the name and contact information of the notifying person;
B. a list of the types of personal identifying information that are reasonably believed to have been the subject of a security breach, if known;
C. the date of the security breach, the estimated date of the breach or the range of dates within which the security breach occurred, if known;
D. a general description of the security breach incident;
E. the toll-free telephone numbers and addresses of the major consumer reporting agencies;
F. advice that directs the recipient to review personal account statements and credit reports, as applicable, to detect errors resulting from the security breach; and
G. advice that informs the recipient of the notification of the recipient's rights pursuant to the federal Fair Credit Reporting.
History: Laws 2017, ch. 36, § 7.
ANNOTATIONSCross references. — For the federal Fair Credit Reporting Act, see 15 U.S.C. § 1681 et seq.
Effective dates. — Laws 2017, ch. 36 contained no effective date provision, but, pursuant to N.M. Const., art. IV, § 23, was effective June 16, 2017, 90 days after the adjournment of the legislature.