New Mexico becomes 48th state to enact a data breach notification law. Alabama and South Dakota remain the only states without such a law. New Mexico law requires businesses operating in the state to take reasonable security procedures to safeguard PII. The measure also requires organizations to notify the state attorney general if more than 1,000 New Mexicans fell victim to a breach. Unlike Massachusetts’ law, the New Mexico measure is not prescriptive, giving much latitude to businesses to decide how best to protect PII.”]
Source: https://www.govinfosecurity.com/new-mexico-governor-signs-data-breach-notification-law-a-9850