Introduction to New Mexico Privacy Rights
New Mexico residents enjoy a unique blend of privacy protections shaped by state constitutional guarantees, specific statutes, and common law principles. While the state has not yet enacted a comprehensive consumer data privacy law like California's CCPA or Virginia's CDPA, New Mexico maintains robust privacy protections through targeted legislation addressing data breaches, health information, public records access, and consumer protection.
The foundation of privacy rights in New Mexico begins with Article II, Section 10 of the New Mexico Constitution, which protects citizens against unreasonable searches and seizures. This constitutional provision has been interpreted by New Mexico courts to provide privacy protections that, in some instances, exceed federal standards. The state's privacy framework reflects a pragmatic approach: rather than omnibus legislation, New Mexico has developed sector-specific laws addressing particular privacy concerns as they emerge.
Compared to other states, New Mexico occupies a middle position in privacy protection. The state lacks the comprehensive consumer privacy frameworks found in California, Colorado, Connecticut, and Virginia, but maintains stronger protections than many states without data breach notification laws or specific consumer protection statutes. New Mexico's Data Breach Notification Act, enacted in 2017, places the state among the majority that require businesses to notify consumers when their personal information is compromised. The state's Inspection of Public Records Act (IPRA) provides significant transparency while carefully balancing individual privacy rights, particularly regarding personally identifiable information in government records.
New Mexico's approach to privacy protection emphasizes practical enforcement through the Office of the Attorney General, which actively pursues cases involving consumer privacy violations, data breaches, and unfair trade practices. This enforcement-focused approach, combined with common law privacy protections recognized by New Mexico courts, creates a privacy landscape that offers meaningful protections even without comprehensive omnibus legislation.
New Mexico's State Privacy Laws
New Mexico's privacy protection framework consists of several targeted statutes addressing specific privacy concerns. Understanding these laws helps residents recognize their rights and hold organizations accountable for privacy violations.
Data Breach Notification Act
The New Mexico Data Breach Notification Act, codified at NMSA 1978, §§ 57-12C-1 to 57-12C-9, represents the state's primary consumer privacy protection statute. Enacted in 2017, this law requires any person that owns or licenses computerized data that includes personal identifying information to disclose any breach of the security of the system to affected New Mexico residents.
Under § 57-12C-4, notification must be made "in the most expedient time possible and without unreasonable delay" but allows for delays necessary to determine the scope of the breach, restore system integrity, or comply with law enforcement investigations. The law defines "personal identifying information" as a New Mexico resident's first name or initial and last name combined with: Social Security number, driver's license number, financial account numbers, or account passwords and security codes.
The breach notification must include: the date or estimated date of the breach, a description of the personal information involved, contact information for consumer reporting agencies, and information about identity theft protection services if offered. Businesses must also notify the New Mexico Attorney General if the breach affects more than 1,000 residents. Violations constitute unfair or deceptive trade practices under the Unfair Practices Act (NMSA 1978, § 57-12-1 et seq.), subjecting violators to civil penalties up to $10,000 per violation.
Unfair Practices Act
The Unfair Practices Act (NMSA 1978, § 57-12-1 through § 57-12-26) serves as New Mexico's primary consumer protection statute and applies to privacy violations. The Act prohibits unfair or deceptive trade practices, which courts have interpreted to include misrepresentation about data collection practices, failure to implement reasonable security measures, and violations of stated privacy policies. The Attorney General can seek injunctions, restitution, and civil penalties. Private citizens may also bring actions under the Act and recover actual damages, with the possibility of treble damages for willful violations.
Employee Privacy Rights
New Mexico provides specific workplace privacy protections through several statutes. Under NMSA 1978, § 50-11-3, employers cannot require employees or job applicants to provide access to personal social media accounts as a condition of employment. This protection, enacted in 2012, makes New Mexico one of the earlier states to prohibit employer access to personal social media.
The state also regulates employee monitoring. While New Mexico does not have a comprehensive electronic monitoring statute, common law recognizes employee privacy expectations in certain circumstances. Under NMSA 1978, § 30-12-1, intercepting wire or electronic communications without consent of at least one party constitutes a fourth-degree felony. This creates privacy protections for employee communications, though employers may monitor business communications with proper notice.
New Mexico law at NMSA 1978, § 50-4-1 et seq. protects the privacy of personnel files for public employees, restricting access and establishing procedures for employees to review and challenge information in their files. Private sector employees have more limited statutory protections but may rely on common law privacy torts and contractual provisions.
Financial Privacy
Financial privacy in New Mexico is primarily governed by federal law, particularly the Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA). However, New Mexico supplements these protections through the Unfair Practices Act and common law privacy torts. The state requires financial institutions to implement reasonable security measures, and the Attorney General has pursued cases against financial services companies for inadequate data protection.
New Mexico also regulates credit services organizations under NMSA 1978, § 61-18A-1 et seq., requiring these entities to provide consumers with specific disclosures and prohibiting deceptive practices. These provisions indirectly protect consumer financial privacy by regulating how credit-related businesses handle consumer information.
Freedom of Information / Open Records in New Mexico
The Inspection of Public Records Act (IPRA), codified at NMSA 1978, § 14-2-1 et seq., governs access to government records in New Mexico. IPRA embodies a strong presumption in favor of public access, declaring that "all persons are entitled to the greatest possible information regarding the affairs of government and the official acts of public officers and employees."
What IPRA Covers
IPRA applies to all state and local government agencies, including executive branch departments, legislative bodies, courts, political subdivisions, and any entities created by law and supported by public funds. "Public records" are broadly defined to include all documents, papers, letters, books, maps, tapes, photographs, recordings, and other materials regardless of physical form or characteristics that are used, created, received, maintained, or held by a public body.
Key Exemptions Protecting Privacy
IPRA contains specific exemptions protecting individual privacy. Under § 14-2-1(A), exemptions include: letters of reference concerning employment, licensing, or permits; personnel files except for resumes and applications for public employment; medical, psychiatric, or psychological records; adoption records; student records; library patron records; and personal financial information.
Social Security numbers are specifically protected under § 14-2-1(D.1), which requires redaction from documents before disclosure. Driver's license information, home addresses, telephone numbers, and dates of birth of non-elected public employees are also exempt under § 14-2-1(K). Law enforcement records may be withheld if disclosure would interfere with investigations, endanger life or safety, or reveal confidential sources.
Request Procedures and Response Time
To request records under IPRA, submit a written request to the records custodian of the relevant public body. The request should reasonably describe the records sought but need not reference IPRA or use specific legal language. Public bodies must permit inspection immediately or within three business days. If inspection cannot be permitted within three days, the custodian must explain in writing when records will be available and why additional time is needed.
Extraordinary circumstances, such as the need to search and collect records from separate facilities, may justify extensions, but the public body must act in good faith and with reasonable diligence. Failure to respond within three business days creates a presumption that the agency has violated IPRA.
Fees and Costs
Public bodies may charge reasonable fees for copying records. Under § 14-2-9, fees must not exceed one dollar per page for standard paper copies. Electronic records provided by email or downloadable link cannot be charged copying fees. The first hour of staff time locating and copying documents must be provided without charge; thereafter, agencies may charge the actual cost of the lowest-paid employee capable of performing the task. Requesters may inspect records without charge.
Appeals Process
If a records request is denied, the requester may file a civil action in district court to enforce IPRA. These actions receive expedited treatment. Courts may award attorney fees and costs to prevailing plaintiffs. Under § 14-2-11, if the court finds the public body violated IPRA, it may impose a civil penalty of $100 per day up to $1,000. Willful violations may result in penalties up to $5,000.
HIPAA and Health Privacy in New Mexico
Health privacy in New Mexico is governed primarily by the federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which applies uniformly across all states. HIPAA establishes national standards for protecting individually identifiable health information held by covered entities (health care providers, health plans, and health care clearinghouses) and their business associates.
New Mexico-Specific Health Privacy Protections
New Mexico supplements HIPAA with state-specific protections in certain areas. The New Mexico Mental Health and Developmental Disabilities Code, NMSA 1978, § 43-1-19, provides enhanced confidentiality protections for mental health records. These records cannot be disclosed without patient consent except in limited circumstances such as court orders, medical emergencies, or mandatory reporting situations.
HIV/AIDS-related information receives special protection under NMSA 1978, § 24-2B-6, which restricts disclosure of HIV test results and related information. Unauthorized disclosure constitutes a misdemeanor, and individuals harmed by improper disclosure may pursue civil remedies.
Genetic testing information is protected under NMSA 1978, § 24-21-1 et seq., the Genetic Information Privacy Act. This law prohibits employers, health insurers, and others from requiring genetic testing or discriminating based on genetic information. It provides privacy protections that exceed federal requirements in certain respects.
Substance abuse treatment records receive federal protection under 42 CFR Part 2, which applies in New Mexico. These regulations impose stricter confidentiality requirements than HIPAA for records related to substance use disorder treatment at federally-assisted programs.
Protecting Your Medical Records in New Mexico
New Mexico residents have the right to access their medical records under both HIPAA and state law. Providers must provide copies within 15 days under HIPAA standards. Fees are limited to reasonable cost-based charges for copying. Under NMSA 1978, § 14-6-1 et seq., patients may request copies of their medical records, and providers must comply within a reasonable time.
To protect health privacy, New Mexico residents should: review the Notice of Privacy Practices provided by health care providers, authorize only necessary disclosures, request accounting of disclosures to see who has accessed records, and file complaints with the U.S. Department of Health and Human Services Office for Civil Rights or the New Mexico Department of Health if privacy violations occur.
Consumer Data Privacy Rights
While New Mexico has not enacted comprehensive consumer data privacy legislation similar to the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR), residents maintain important privacy rights through federal law, state consumer protection statutes, and common law principles.
Federal Privacy Rights Applicable in New Mexico
New Mexico residents benefit from federal privacy laws including the Fair Credit Reporting Act (FCRA), which governs how consumer reporting agencies collect, use, and share consumer information. Under FCRA, New Mexico residents can request free annual credit reports from Equifax, Experian, and TransUnion through AnnualCreditReport.com, dispute inaccurate information, and place fraud alerts or credit freezes.
The Telephone Consumer Protection Act (TCPA) protects against unwanted telemarketing calls and texts. New Mexico residents can register phone numbers on the National Do Not Call Registry at DoNotCall.gov. The CAN-SPAM Act provides rights regarding commercial email, including the right to opt out of marketing emails.
Data Collection and Opt-Out Rights
Under New Mexico's Unfair Practices Act, businesses must honor stated privacy policies and cannot engage in deceptive practices regarding data collection. While the state does not mandate opt-in consent for data collection, businesses that promise consumers control over their information must provide functional opt-out mechanisms. False or misleading privacy policies constitute unfair trade practices actionable by the Attorney General or private citizens.
New Mexico residents concerned about online tracking can exercise opt-out rights through industry self-regulatory programs like the Digital Advertising Alliance's opt-out tools at OptOut.AboutAds.info. Browser-based controls, including cookie settings and tracking protection features, provide additional privacy controls.
Removing Information from Data Brokers
Data brokers compile personal information from public records, commercial sources, and other data aggregators. While New Mexico does not require data brokers to register or provide opt-out mechanisms (unlike Vermont or California), residents can request removal directly from individual data broker sites. Major data brokers with opt-out procedures include: Spokeo, Whitepages, BeenVerified, Intelius, MyLife, and PeopleFinders.
The opt-out process typically requires: identifying your listing on the data broker site, locating the privacy policy or opt-out page, submitting required information (which may include verifying your identity), and following up to confirm removal. Be aware that information may reappear if the data broker reacquires it from public sources. Regular monitoring and repeated opt-out requests may be necessary.
Credit Reporting Rights
Under FCRA, New Mexico residents can place security freezes on credit reports free of charge at all three major credit bureaus. Security freezes prevent new creditors from accessing credit reports, making it difficult for identity thieves to open accounts in your name. Freezes must be placed separately with Equifax (800-349-9960), Experian (888-397-3742), and TransUnion (888-909-8872).
New Mexico residents can also place fraud alerts, which require creditors to take additional steps to verify identity before extending credit. Initial fraud alerts last one year, while extended alerts for confirmed identity theft victims last seven years. Fraud alerts, unlike freezes, can be placed with one bureau, which must notify the others.
Employment Background Checks & Privacy in New Mexico
New Mexico regulates employment background checks through a combination of state and federal law. Understanding these protections helps job seekers recognize their rights and challenge improper use of background information.
Federal Requirements: Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA) governs background checks conducted by third-party consumer reporting agencies. In New Mexico, employers using consumer reporting agencies for background checks must: provide written notice to the applicant, obtain written authorization before the check, provide a pre-adverse action notice with a copy of the report if negative information may lead to rejection, and provide a final adverse action notice if employment is denied based on the report.
Applicants have the right to dispute inaccurate information with the consumer reporting agency, which must investigate within 30 days. New Mexico residents should request copies of background check reports and carefully review them for errors, as inaccuracies are common and can wrongly exclude qualified applicants from employment.
New Mexico-Specific Background Check Limitations
New Mexico does not have a comprehensive "ban-the-box" law prohibiting employers from asking about criminal history on initial applications. However, public employers in certain jurisdictions, including the City of Albuquerque, have adopted policies delaying criminal history inquiries until later in the hiring process.
Under NMSA 1978, § 28-2-3, certain criminal records may be expunged or sealed, preventing their disclosure in background checks. Arrest records that did not lead to conviction can be expunged immediately upon dismissal or acquittal. Conviction records may be expunged after waiting periods that vary by offense severity. Once expunged, applicants may legally deny the arrest or conviction occurred.
Criminal Record Accessibility
New Mexico criminal records are generally public under IPRA unless sealed by court order. Background check companies can typically access: conviction records indefinitely, pending charges, and arrest records. However, FCRA limits how consumer reporting agencies report certain information: civil judgments, tax liens, and most other adverse information cannot be reported after seven years; bankruptcy information cannot be reported after ten years; and criminal convictions have no time limit but must be accurate.
The New Mexico Corrections Department maintains an online inmate search system, and court records are accessible through the New Mexico Judiciary's case lookup system. Private background check companies aggregate this public information, often with errors. New Mexico residents should obtain their own background checks periodically to identify and correct errors.
Disputing Inaccurate Background Information
To dispute inaccurate criminal records, contact the New Mexico court that handled the case and request correction of records. For errors in background check reports, dispute directly with the consumer reporting agency in writing, providing documentation of the error. The agency must investigate and correct or delete unverified information. Under FCRA, if errors are not corrected, consumers can add a statement to their file explaining the dispute and may pursue legal action against the reporting agency.
Protecting Yourself in New Mexico
New Mexico residents can take concrete steps to protect their privacy and control personal information. This practical guide provides actionable measures to enhance privacy protection.
Step 1: Freeze Your Credit
Contact all three credit bureaus to place security freezes: Equifax at freeze.equifax.com or 800-349-9960, Experian at experian.com/freeze or 888-397-3742, and TransUnion at transunion.com/credit-freeze or 888-909-8872. Credit freezes are free under federal law. You'll receive a PIN or password to temporarily lift the freeze when you need to apply for credit. Also consider freezing reports at Innovis (866-712-4546) and the National Consumer Telecom & Utilities Exchange (866-349-5355), which maintain specialized consumer reports.
Step 2: Opt Out of Data Broker Sites
Systematically remove your information from major data broker websites. Start with: Spokeo (spokeo.com/optout), Whitepages (whitepages.com/suppression-requests), BeenVerified (beenverified.com/faq/opt-out), Intelius (inteligator.com/opt-out), MyLife (mylife.com/privacy-policy), PeopleFinders (peoplefinders.com/opt-out), and Radaris (radaris.com/control/remove). Each site has different procedures; follow instructions carefully and keep records of opt-out confirmation emails. Expect the process to take several weeks and require follow-up.
Step 3: Register with Do Not Call and Do Not Mail Services
Register your phone numbers on the National Do Not Call Registry at DoNotCall.gov or by calling 888-382-1222 from the phone you wish to register. Registration is permanent but may take 31 days to take full effect. For mail, register with DMAchoice.org to reduce marketing mail. While not comprehensive, these services significantly reduce unwanted contacts.
Step 4: Request Record Sealing or Expungement
If you have arrest or conviction records eligible for expungement under New Mexico law, petition the court that handled your case. Under NMSA 1978, § 29-3A-5, arrest records not resulting in conviction may be expunged immediately. For conviction record expungement under § 29-3A-5, waiting periods vary: misdemeanor convictions require waiting two years after completion of sentence; fourth-degree felonies require four years; third-degree felonies require six years; and second-degree felonies require ten years. First-degree felonies generally cannot be expunged.
To begin the expungement process, obtain a Petition for Expungement form from the district court clerk in the county where the case was heard. Complete the petition, attach required documentation (including certified copies of the disposition), and file with the court. A hearing may be scheduled where you must demonstrate rehabilitation and show that expungement serves the interests of justice. If granted, the court will order all records sealed, including those held by law enforcement agencies, the Administrative Office of the Courts, and the New Mexico Corrections Department.
Step 5: Monitor Your Privacy Regularly
Establish a privacy maintenance routine: check credit reports quarterly (obtain one free report every four months by rotating among the three bureaus), search for your name on data broker sites every six months and renew opt-out requests as needed, review financial account statements monthly for unauthorized activity, and update passwords annually using unique, complex passwords for each account.
Key New Mexico Agencies for Privacy Protection
Office of the New Mexico Attorney General, Consumer Protection Division: 844-255-9210 or nmag.gov; handles consumer privacy complaints and enforces the Data Breach Notification Act and Unfair Practices Act. New Mexico Department of Health: 505-827-2613; addresses health privacy concerns. New Mexico Regulation and Licensing Department: 505-476-4500; regulates certain businesses that handle consumer data. For federal privacy issues, contact the Federal Trade Commission at 877-382-4357 or identitytheft.gov.
New Mexico Data Breach Notification
The New Mexico Data Breach Notification Act (NMSA 1978, § 57-12C-1 et seq.) establishes specific requirements for businesses and government agencies that experience data breaches involving New Mexico residents' personal information.
Who Must Notify
Any person conducting business in New Mexico that owns or licenses computerized data containing personal identifying information must provide notification following a security breach. "Person" is broadly defined to include individuals, businesses, associations, corporations, and government agencies. The obligation applies regardless of where the entity is located if the breach affects New Mexico residents.
What Triggers Notification
Under § 57-12C-3, a "breach of the security of the system" means unauthorized acquisition of unencrypted computerized data that compromises the security, confidentiality, or integrity of personal identifying information. "Personal identifying information" means a New Mexico resident's first name or initial and last name in combination with: Social Security number, driver's license number or other government identification number, financial account number with access codes, or passwords or security questions and answers that would permit access to accounts.
Notification is not required if, after appropriate investigation and consultation with law enforcement, the entity reasonably determines that the breach will not likely result in harm to affected individuals. However, entities should document this determination carefully, as they bear the burden of proving notification was not required.
Notification Timeline and Method
Section 57-12C-4 requires notification "in the most expedient time possible and without unreasonable delay." The statute allows reasonable delay necessary to: determine the scope of the breach and restore system integrity, conduct investigation in consultation with law enforcement, or determine contact information for affected individuals. Law enforcement may request delay if notification would impede a criminal investigation, but this delay may not exceed 30 days unless extended by court order.
Notification must be provided by: written notice to the last known postal address, electronic notice if consistent with federal E-SIGN Act requirements (meaning the individual has consented to electronic communication), or telephone notice provided the entity retains a log of calls. Substitute notice is permitted if the entity demonstrates that direct notice would exceed $50,000, the affected class exceeds 100,000 residents, or the entity lacks sufficient contact information. Substitute notice requires: email notice if the entity has email addresses, conspicuous posting on the entity's website, and notification to major statewide media.
Content Requirements
Notification must include: the date or estimated date of the breach, a description of the personal identifying information compromised, contact information for consumer reporting agencies if Social Security numbers were compromised, and information about identity theft protection services offered by the entity if applicable. Clear, plain language is required to ensure consumers understand the breach and available remedies.
Attorney General Notification
If a breach affects more than 1,000 New Mexico residents, the entity must notify the New Mexico Attorney General. This notification should be provided concurrently with notice to affected individuals and should include the same information provided to consumers plus any additional details about the breach circumstances and remedial measures taken.
Penalties for Non-Compliance
Violations of the Data Breach Notification Act constitute unfair or deceptive trade practices under the Unfair Practices Act (NMSA 1978, § 57-12-1 et seq.). The Attorney General may bring civil actions seeking injunctive relief and civil penalties up to $10,000 per violation. Private individuals may also bring actions under the Unfair Practices Act and recover actual damages, with treble damages possible for willful violations, plus attorney fees and costs.
Children's Privacy in New Mexico
Children's privacy receives special protection under federal law and certain New Mexico statutes recognizing minors' heightened vulnerability and need for parental involvement in privacy decisions.
Children's Online Privacy Protection Act (COPPA)
COPPA, enforced by the Federal Trade Commission, applies uniformly in New Mexico. The law requires websites and online services directed to children under 13, or with actual knowledge they are collecting information from children under 13, to: provide notice of information collection practices, obtain verifiable parental consent before collecting personal information from children, give parents the right to review information collected from their children, give parents the opportunity to prevent further use or collection, maintain reasonable data security, and retain children's personal information only as long as necessary.
New Mexico parents can exercise COPPA rights by contacting websites or services directly to review or delete children's information. Complaints about COPPA violations should be filed with the FTC at ftc.gov/complaint or the New Mexico Attorney General's Consumer Protection Division.
New Mexico Student Privacy
The federal Family Educational Rights and Privacy Act (FERPA) protects student education records in New Mexico schools receiving federal funding. Under FERPA, parents have the right to: inspect and review their children's education records within 45 days of request, request amendment of inaccurate records, consent to disclosure of personally identifiable information (with certain exceptions), and file complaints with the U.S. Department of Education if rights are violated.
New Mexico supplements FERPA protections through state law. NMSA 1978, § 22-10A-1 et seq., the Public School Code, incorporates FERPA requirements and adds state-specific protections. School districts must develop policies governing student records access and provide annual notice of parents' rights under FERPA. Student records are exempt from disclosure under IPRA, protecting student privacy from public records requests.
Student Data Privacy
New Mexico has addressed concerns about third-party educational technology vendors accessing student data. While the state has not enacted comprehensive student data privacy legislation, the Public Education Department has issued guidance requiring school districts to ensure vendor contracts include provisions protecting student data, limiting use to educational purposes, prohibiting sale of student information, and requiring data deletion when no longer needed for educational purposes.
Parents concerned about student data privacy should request information from their children's schools about what educational technology services are used, what data is collected, how it is protected, and who has access. New Mexico parents may file complaints regarding student privacy violations with the Public Education Department or the U.S. Department of Education's Family Policy Compliance Office.
Frequently Asked Questions About Privacy Rights in New Mexico
Does New Mexico have a comprehensive consumer data privacy law like California's CCPA?
No, New Mexico has not enacted comprehensive consumer data privacy legislation comparable to the California Consumer Privacy Act (CCPA) or similar laws in Virginia, Colorado, Connecticut, and Utah. Privacy protections in New Mexico come from targeted statutes like the Data Breach Notification Act, the Unfair Practices Act, and federal laws like FCRA and HIPAA. However, privacy legislation has been proposed in recent legislative sessions, and New Mexico may adopt comprehensive privacy protections in the future as more states recognize the need for consumer data privacy regulation.
How do I remove my personal information from public records in New Mexico?
Completely removing personal information from public records is generally not possible because government agencies must maintain official records. However, you can limit access through several approaches: petition for expungement of eligible criminal records under NMSA 1978, § 29-3A-5; request redaction of Social Security numbers and other sensitive information from documents before public disclosure under IPRA; opt out of data broker sites that aggregate public records; and file a motion to seal court records in civil cases if you can demonstrate compelling privacy interests that outweigh public access. Certain records, like adoption records and mental health records, are already confidential under New Mexico law.
What should I do if my personal information was exposed in a data breach in New Mexico?
If you receive breach notification, act promptly: review the notification carefully to understand what information was compromised; if Social Security numbers were exposed, place fraud alerts or security freezes on your credit reports with all three major bureaus; monitor financial accounts and credit reports closely for signs of identity theft; change passwords for affected accounts, using unique, complex passwords; enable multi-factor authentication where available; consider credit monitoring services (many companies offer free monitoring following breaches); file a complaint with the New Mexico Attorney General at 844-255-9210 if you believe the company violated notification requirements; and report identity theft to the FTC at IdentityTheft.gov and local law enforcement if fraudulent accounts are opened in your name.
Can employers in New Mexico access my social media accounts?
No. Under NMSA 1978, § 50-11-3, employers and prospective employers cannot: require employees or applicants to provide user names, passwords, or other access to personal social media accounts; require employees or applicants to authenticate or access personal social media accounts in the employer's presence; compel employees or applicants to invite the employer to join contact lists or otherwise provide access to personal social media; or require employees or applicants to change privacy settings on personal social media accounts. Employers may still request access to work-related accounts they provide and may view information publicly available on social media. Employees who believe employers have violated this law should contact the New Mexico Department of Workforce Solutions or consult an employment attorney.
How long do I have to respond to a public records request if I'm a government employee?
Under New Mexico's Inspection of Public Records Act (NMSA 1978, § 14-2-11), public bodies must permit inspection of public records immediately or within three business days of receiving a written request. If immediate or three-day access is not possible, the records custodian must explain in writing when the records will be available and the reason for the delay. Extraordinary circumstances may justify additional time, but the agency must act in good faith with reasonable diligence. Failure to respond within three business days creates a presumption of IPRA violation. If providing records requires extensive staff time for compilation or redaction, communicate with the requester about a reasonable timeline and keep detailed documentation of efforts to comply.
Can I expunge my criminal record in New Mexico?
Yes, under certain circumstances. NMSA 1978, § 29-3A-5 allows expungement of arrest records that did not result in conviction (available immediately upon dismissal or acquittal) and conviction records after waiting periods: two years after completing sentence for misdemeanors; four years for fourth-degree felonies; six years for third-degree felonies; and ten years for second-degree felonies. First-degree felonies generally cannot be expunged. You must have completed all conditions of your sentence, paid all fines and restitution, and had no subsequent convictions during the waiting period. To begin the process, file a Petition for Expungement with the district court in the county where you were convicted. The court will consider whether expungement serves the interests of justice and whether you have been rehabilitated. If granted, all records related to the arrest or conviction will be sealed and you may legally deny the incident occurred except in limited circumstances (such as applications for law enforcement positions).
What are my rights if a background check contains false information about me?
Under the Fair Credit Reporting Act (FCRA), you have specific rights if a background check contains inaccurate information. First, obtain a copy of the background check report from the consumer reporting agency that provided it to the employer. Dispute inaccurate information in writing to the consumer reporting agency, explaining the error and providing supporting documentation. The agency must investigate within 30 days and correct or delete unverified information. If the agency fails to correct the error, you can add a statement of dispute to your file that must be included in future reports. You may also have a claim against the consumer reporting agency for willful or negligent noncompliance with FCRA. If an employer took adverse action (such as denying employment) based on inaccurate