Are mandatory arbitration provisions recognized in your state? If so, are there any limitations to its enforcement?

Yes, New Mexico generally recognizes mandatory arbitration, as arbitration is strongly favor under New Mexico law.  In fact, a court must enforce a valid arbitration agreement unless it is revocable or invalid under established principles of contract law.[i] Generally, “[t]he court shall decide whether an agreement to arbitrate exists or a controversy is subject to an agreement to arbitrate.”[ii]

In addition to the requirement there is evidence supporting an offer, acceptance, consideration, and mutual assent, such agreements shall not be substantively unconscionable.  There is a two-step analysis to evaluate substantive unconscionability.[iii] First, the court should look to the face of the arbitration agreement to determine the legality and fairness of the contract terms themselves. And second, if the court determines the arbitration agreement is facially one-sided, the court should allow the drafting party to present evidence that justifies the agreement is fair and reasonable, such that enforcement of the agreement would not be substantially unconscionable.[iv]

What is your state’s law, if any, regarding gift cards, subscription services and loyalty programs?

New Mexico does not have any law (court opinions, statutes or regulations) concerning gift cards, subscription services and loyalty programs.

What is your state’s law, if any, regarding safeguarding consumer credit card or other private data (i.e., cyber security)?

New Mexico does not have a comprehensive privacy law. The New Mexico Data Breach Notification Act, NMSA 1978, Section 57-12C-1 to -12 mandates the proper disposal of personal identifying information (“PII”), when it is “no longer reasonably needed for business purposes.”[i] PII is comprised of an individual’s first name or first initial and last name, coupled with any of the following: (a) a social security number; (b) a driver’s license number; (c) a government-issued identification number, (d) account number, credit or debit card number, along with any required security/access code or password to the financial account; and (e) biometric data.[ii] A person who owns or licenses PII “shall implement and maintain reasonable security procedures . . . to protect the [PII] from unauthorized access, destruction, use, modification or disclosure.”[iii] Individuals must be notified of security breaches in “the most expedient time possible,” preferably by U.S. mail or electronic notification.[iv]

The New Mexico Privacy Protection Act restricts businesses from requiring a consumer disclose his or her social security number as a condition to purchase products, goods, or services from the business.[v]

What is your state’s law, if any, regarding the collection and handling of financial information?

Personal identifying information (“PII”), as defined in the New Mexico Data Breach Notification Act, includes information pertaining to financial accounts. Anyone possessing PII “shall implement and maintain reasonable security procedures . . . to protect the [PII] from unauthorized access, destruction, use, modification or disclosure.”[vi] Any receipts for payments must not list more than five numbers from a credit card account number.[vii]

[i] § 57-12C-3.

[ii] § 57-12C-2(C).

[iii] § 57-12C-4.

[iv] § 57-12C-6.

[v] NMSA 1978, § 57-12B-3 (2003).

[vi] § 57-12C-4.

[vii] NMSA 1978, § 56-4-3.1 (2003).

[i] Strausberg v. Laurel Healthcare Providers, LLC, 2013-NMSC-032, ¶ 49, 304 P.3d 409.

[ii] NMSA 1978, § 44-7A-7(b) (2001).

[iii] Gomez v. Hobbs Operating Co., LLC, No. A-1-CA-38547, 2020 WL 6044151, (N.M. Ct. App. Oct. 1, 2020) (quoting Peavy v. Skilled Healthcare Group et. al., 2020-NMSC-010, ¶ 10).

[iv] Id.