What types of compliance documents can ComplianceIQ generate?

ComplianceIQ generates privacy policies, terms of service, employee handbooks, data handling policies, OSHA compliance documents, acceptable use policies, HIPAA compliance docs, information security policies, and more — all tailored to your industry.

Are the generated documents legally valid?

ComplianceIQ generates comprehensive, industry-standard compliance documents informed by current regulations. While they provide an excellent foundation, we recommend having critical documents reviewed by legal counsel for your specific jurisdiction.

How does ComplianceIQ stay current with regulations?

Our AI models are continuously updated with the latest regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2, OSHA, and more. Pro and Enterprise plans include regulatory update alerts.

← All US breach laws·NM

New Mexico data breach notification law

New Mexico's data breach notification requirements under N.M. Stat. §§57-12C-1 to 57-12C-12 (Data Breach Notification Act). Below: the resident-notification deadline, AG/regulator filing threshold, the encryption safe harbor, private right of action exposure, penalty schedule, and the common pitfalls that turn an avoidable incident into a regulator enforcement action.

Notification deadlines

Notify affected residents

In the most expedient time possible and without unreasonable delay, but not later than 45 days after discovery

Notify the state regulator

Yes — if more than 1,000 NM residents are affected, written notice to the AG within 45 days

Notify consumer reporting agencies

Yes — if more than 1,000 residents, notify nationwide CRAs

When is notification required?

Trigger / harm threshold

Notification not required if, after appropriate investigation, the breach does not give rise to a significant risk of identity theft or fraud

Encryption safe harbor

Yes — properly encrypted personal information is generally exempt from notification, provided the encryption key was not also compromised.

Frequently asked questions

How long do I have to notify New Mexico residents after a data breach?

In the most expedient time possible and without unreasonable delay, but not later than 45 days after discovery

Do I have to notify the New Mexico Attorney General?

Yes — if more than 1,000 NM residents are affected, written notice to the AG within 45 days

Does New Mexico require notification to nationwide consumer reporting agencies?

Yes — if more than 1,000 residents, notify nationwide CRAs

Is encrypted data exempt from New Mexico's breach notification requirement?

Yes — New Mexico has an encryption safe harbor. Breaches of properly encrypted personal information generally do not trigger notification, provided the encryption key was not also compromised.

Can New Mexico residents sue me directly for a data breach?

No — New Mexico's breach statute does not provide a direct private right of action. Residents typically must rely on the AG to enforce, or pursue common-law negligence claims.

What counts as 'personal information' under New Mexico law?

First name/initial + last name with SSN, DL/state ID, financial account + access code, biometric data

What are the penalties for failing to comply with New Mexico's breach notification law?

Up to $25,000 per breach + up to $10 per resident not notified (capped at $150,000 per breach)

Pre-empt the New Mexico breach notice — audit your policy now

ComplianceIQ runs a free audit of your privacy policy and incident-response language against New Mexico's statutory requirements. You'll see every gap before you have to use it for real.

Run free policy audit

New Mexico data breach notification law

Notification deadlines

When is notification required?

What counts as "personal information" under New Mexico law

Penalties and enforcement

Common pitfalls

Frequently asked questions

Related state breach laws

Pre-empt the New Mexico breach notice — audit your policy now