There’s an interesting piece in the Albuquerque Journal that explains why a New Mexico data breach notification bill failed again. It appears that most of the Democrats on the committee voted against it, but why they voted against it is of note. Thomas J. Cole reports:
“The comments appeared to be it was too industry-friendly for the attorneys on the committee,” Rep. William “Bill” Rehm, R-Albuquerque, sponsor of the bill, said in an interview last week.
At the hearing, Sen. Joseph Cervantes, a trial lawyer, said he was concerned about the strength of the notification requirements for companies in the legislation, as well as a cap of $150,000 on the amount of damages the state attorney general could collect from a company for notification violations.
Cervantes, D-Las Cruces, also noted that the measure didn’t explicitly permit individuals to seek damages caused by identity theft or fraud due to notification violations.
Read more on Albuquerque Journal.
So the Democrats killed it because the bill was too weak? The private cause of action will likely prove to be a sticking point in future proposals.
In the meantime, New Mexico remains one of only a few states that have no breach notification law.