SB0444

SENATE BILL 444

53rd legislature - STATE OF NEW MEXICO - first session, 2017

INTRODUCED BY

Cisco McSorley

AN ACT

RELATING TO COMMUNICATIONS; ENACTING THE CHILD PROTECTION REGISTRY ACT AND THE DO NOT CONTACT REGISTRY ACT; PROHIBITING CERTAIN COMMUNICATIONS TO MINORS THAT ADVERTISE A PRODUCT OR SERVICE THAT A MINOR IS PROHIBITED FROM PURCHASING OR THAT CONTAIN MATERIALS HARMFUL TO MINORS; PROHIBITING CERTAIN COMMUNICATIONS TO PERSONS WHO HAVE REGISTERED WITH THE DO NOT CONTACT REGISTRY; CREATING THE CHILD PROTECTION REGISTRY FUND AND THE DO NOT CONTACT REGISTRY FUND; REQUIRING THE ATTORNEY GENERAL TO ESTABLISH THE CHILD PROTECTION REGISTRY AND THE DO NOT CONTACT REGISTRY AND A MECHANISM FOR PERSONS DESIRING TO SEND A COMMUNICATION TO VERIFY COMPLIANCE WITH THE CHILD PROTECTION REGISTRY ACT OR THE DO NOT CONTACT REGISTRY ACT; PROVIDING CIVIL AND CRIMINAL PENALTIES; RESOLVING CONFLICTS; MAKING AN APPROPRIATION.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:

SECTION 1. [NEW MATERIAL] SHORT TITLE.--Sections 1 through 10 of this act may be cited as the "Child Protection Registry Act".

SECTION 2. [NEW MATERIAL] PURPOSE.--The purpose of the Child Protection Registry Act is to provide safeguards to prevent minor children from receiving communications that advertise a product or service that a minor is prohibited by law from purchasing or that contain or have the primary purpose of advertising or promoting material that is harmful to minors, as defined in Subsection F of Section 30-37-1 NMSA 1978.

SECTION 3. [NEW MATERIAL] DEFINITIONS.--As used in the Child Protection Registry Act:

A. "contact point" means any electronic identification to which a communication can be sent, including:

(1) an email address;

(2) an instant message identity;

(3) a telephone number; or

(4) any other electronic address identified in rules promulgated by the attorney general pursuant to the Child Protection Registry Act; and

B. "minor" means a child who has not reached the age of majority.

SECTION 4. [NEW MATERIAL] ESTABLISHMENT AND OPERATION OF THE CHILD PROTECTION REGISTRY.--

A. The attorney general shall establish and operate a child protection registry to compile and secure a list of contact points registered pursuant to Subsection B of this section. The attorney general shall adopt procedures to prevent the unauthorized use or disclosure of contact points contained in the registry.

B. A person responsible for a contact point to which a minor may have access may register that contact point in the child protection registry pursuant to rules promulgated by the attorney general. The attorney general shall establish rules to ensure that a registrant meets the requirements of this section.

C. A school or other entity that primarily serves minors may register one or more contact points in the child protection registry and shall be permitted to submit one registration form for all contact points of the school or entity. Registration submitted pursuant to this subsection may include the internet domain name of the school or entity.

D. Registration of a contact point submitted pursuant to this section shall be valid for three years.

E. The attorney general may contract with a third-party administrator to establish, operate and secure the child protection registry.

F. No fee shall be charged for registering a contact point in the child protection registry.

G. Information contained in the child protection registry is not a public record and shall not be made available for inspection by the public.

SECTION 5. [NEW MATERIAL] CHILD PROTECTION REGISTRY FUND--CREATED.--The "child protection registry fund" is created in the state treasury. The fund consists of appropriations and fees collected pursuant to Section 6 of the Child Protection Registry Act. Money in the fund shall not revert to any other fund at the end of a fiscal year. The attorney general shall administer the fund, and money in the fund is appropriated to the attorney general to establish, operate and administer the child protection registry and to enforce and defend the Child Protection Registry Act.

SECTION 6. [NEW MATERIAL] VERIFICATION OF COMPLIANCE BY SENDERS--FEES FOR VERIFICATION.--

A. The attorney general shall establish a mechanism by which a person desiring to send a communication can verify whether a contact point is registered in the child protection registry in order to ensure compliance with the Child Protection Registry Act. The attorney general shall charge a fee not to exceed three cents ($.03) per contact point checked against the registry.

B. A person desiring to send a communication described in Subsection A of Section 7 of the Child Protection Registry Act shall verify that the intended contact points are not registered in the child protection registry.

C. Fees collected pursuant to this section shall be deposited in the child protection registry fund.

SECTION 7. [NEW MATERIAL] VIOLATION OF ACT.--

A. A person shall not knowingly send, cause to be sent or conspire with a third party to send a communication to a contact point that has been registered in the child protection registry for more than thirty calendar days if the primary purpose of the communication is to directly or indirectly advertise or otherwise link to a communication that advertises a product or service that a minor is prohibited by law from purchasing or that contains or has the primary purpose of advertising or promoting material that is harmful to minors, as defined in Subsection F of Section 30-37-1 NMSA 1978.

B. It is a violation of the Child Protection Registry Act to:

(1) use information obtained from the child protection registry to violate the Child Protection Registry Act;

(2) improperly obtain or attempt to obtain contact points from the child protection registry; or

(3) use, or transfer to a third party to use, information from the registry to send a communication.

C. An internet service provider does not violate this section solely by transmitting a communication across the network of the internet service provider.

D. The consent of a minor to receive the communication is not a defense to violation of this section.

E. A person is guilty of a fourth degree felony and upon conviction shall be sentenced pursuant to the provisions of Section 31-18-15 NMSA 1978 if the person:

(1) uses information obtained from the child protection registry to violate the Child Protection Registry Act;

(2) improperly obtains or attempts to obtain contact points from the child protection registry; or

(3) uses, or transfers to a third party to use, information from the child protection registry to send a communication.

F. A person who violates a provision of the Child Protection Registry Act is subject to prosecution under the Computer Crimes Act.

SECTION 8. [NEW MATERIAL] EXCEPTION FOR VALID CONSENT BY ADULT.--

A. Notwithstanding the provisions of Section 7 of the Child Protection Registry Act, a person may send a communication that advertises a product or service that a minor is prohibited from purchasing, viewing, participating in or possessing if the person sending the communication receives consent from an adult who controls the contact point. Prior to sending the communication, the person shall:

(1) verify the age of the adult who controls the contact point by inspecting the adult's government-issued identification card in a face-to-face transaction;

(2) obtain a signed statement indicating that the adult consents to receive the communication; and

(3) notify the attorney general that the person intends to send the communication.

B. A communication sent pursuant to Subsection A of this section shall contain information that describes how the adult may opt out of receiving future communications.

C. The attorney general shall promulgate rules prescribing a method for verifying that valid consent has been obtained for communications sent pursuant to this section.

SECTION 9. [NEW MATERIAL] CIVIL ACTION FOR VIOLATION.--

A. A civil action for a violation of the Child Protection Registry Act may be brought by:

(1) the registrant of a contact point on behalf of a minor who has received a communication in violation of the Child Protection Registry Act; or

(2) the attorney general.

B. A person bringing an action pursuant to Paragraph (1) of Subsection A of this section may recover:

(1) actual damages; or

(2) the lesser of five thousand dollars ($5,000) per communication transmitted to the contact point or two hundred fifty thousand dollars ($250,000) per day that the violation occurs.

C. In an action brought by the attorney general pursuant to Paragraph (2) of Subsection A of this section, the attorney general may recover a civil penalty not to exceed ten thousand dollars ($10,000) per communication transmitted to a contact point in violation of the Child Protection Registry Act or five hundred thousand dollars ($500,000) per day that the violation occurs, whichever is less.

D. In each action brought pursuant to this section, the prevailing party may be awarded costs and reasonable attorney fees.

SECTION 10. [NEW MATERIAL] DEFENSE.--It shall be a defense to an action brought pursuant to the Child Protection Registry Act that a person reasonably relied on the mechanism for verification of compliance established pursuant to Section 6 of the Child Protection Registry Act.

SECTION 11. [NEW MATERIAL] SHORT TITLE.--Sections 11 through 21 of this act may be cited as the "Do Not Contact Registry Act".

SECTION 12. [NEW MATERIAL] PURPOSE.--The purpose of the Do Not Contact Registry Act is to provide a mechanism for persons to prevent solicitations and unsolicited advertisements that are sent to their email addresses, instant messaging applications or other electronic or digital contact points.

SECTION 13. [NEW MATERIAL] DEFINITIONS.--As used in the Do Not Contact Registry Act:

A. "contact point" means any electronic identification to which a communication can be sent, including:

(1) an email address;

(2) an instant message identity;

(3) a telephone number; or

(4) any other electronic address identified in rules promulgated by the attorney general pursuant to the Do Not Contact Registry Act;

B. "solicitation" means the initiation of a message, for the purpose of encouraging the purchase or rental of, or investment in, property, goods or services, that is transmitted to a person, but "solicitation" does not include a

message:

(1) to a person with that person's prior express invitation or permission;

(2) to a person with whom the message sender has an established business relationship; or

(3) by a tax-exempt nonprofit organization; and

C. "unsolicited advertisement" means any material advertising the commercial availability or quality of any property, goods or services that is transmitted to any person without that person's prior express invitation or permission, in writing or otherwise.

SECTION 14. [NEW MATERIAL] ESTABLISHMENT AND OPERATION OF THE DO NOT CONTACT REGISTRY.--

A. The attorney general shall establish and operate a do not contact registry to compile and secure a list of contact points registered pursuant to Subsection B of this section. The attorney general shall adopt procedures to prevent the unauthorized use or disclosure of contact points contained in the registry.

B. A person desiring to avoid a solicitation or an unsolicited advertisement may register that person's contact point in the do not contact registry pursuant to rules promulgated by the attorney general. The attorney general shall establish rules to ensure that a registrant meets the requirements of this section.

C. Registration of a contact point submitted pursuant to this section shall be valid for three years.

D. The attorney general may contract with a third-party administrator to establish, operate and secure the do not contact registry.

E. No fee shall be charged for registering a contact point in the do not contact registry.

F. Information contained in the do not contact registry is not a public record and shall not be made available for inspection by the public.

SECTION 15. [NEW MATERIAL] DO NOT CONTACT REGISTRY FUND-- CREATED.--The "do not contact registry fund" is created in the state treasury. The fund consists of appropriations and fees collected pursuant to Section 16 of this 2017 act. Money in the fund shall not revert to any other fund at the end of a fiscal year. The attorney general shall administer the fund, and money in the fund is appropriated to the attorney general to establish, operate and administer the do not contact registry and to enforce and defend the Do Not Contact Registry Act.

SECTION 16. [NEW MATERIAL] VERIFICATION OF COMPLIANCE BY SENDERS--FEES FOR VERIFICATION.--

A. The attorney general shall establish a mechanism by which a person desiring to send a solicitation or an unsolicited advertisement can verify whether a contact point is registered in the do not contact registry in order to ensure compliance with the Do Not Contact Registry Act. The attorney general shall charge a fee not to exceed three cents ($.03) per contact point checked against the registry.

B. A person desiring to send a solicitation or an unsolicited advertisement communication shall verify that the intended contact points are not registered in the do not contact registry.

C. Fees collected pursuant to this section shall be deposited in the do not contact registry fund.

SECTION 17. [NEW MATERIAL] VIOLATION OF ACT.--

A. A person shall not knowingly send, cause to be sent or conspire with a third party to send a solicitation or unsolicited advertisement communication to a contact point that has been registered in the do not contact registry for more than thirty calendar days.

B. It is a violation of the Do Not Contact Registry Act to:

(1) use information obtained from the do not contact registry to violate the Do Not Contact Registry Act;

(2) improperly obtain or attempt to obtain contact points from the do not contact registry; or

(3) use, or transfer to a third party to use, information from the do not contact registry to send a communication.

C. An internet service provider does not violate this section solely by transmitting a communication across the network of the internet service provider.

D. A person is guilty of a fourth degree felony and upon conviction shall be sentenced pursuant to the provisions of Section 31-18-15 NMSA 1978 if the person:

(1) uses information obtained from the do not contact registry to violate the Do Not Contact Registry Act;

(2) improperly obtains or attempts to obtain contact points from the do not contact registry; or

(3) uses, or transfers to a third party to use, information from the do not contact registry to send a communication.

E. A person who violates a provision of the Do Not Contact Registry Act is subject to prosecution under the Computer Crimes Act.

SECTION 18. [NEW MATERIAL] EXCEPTION FOR VALID CONSENT.--

A. Notwithstanding the provisions of Section 17 of this 2017 act, a person may send a solicitation or an unsolicited advertisement communication if the person sending the communication receives consent from the registrant of the contact point. Prior to sending the communication, the person shall:

(1) obtain a signed statement indicating that the registrant consents to receive the communication; and

(2) notify the attorney general that the person intends to send the communication.

B. A communication sent pursuant to Subsection A of this section shall contain information that describes how the registrant may opt out of receiving future communications.

C. The attorney general shall promulgate rules prescribing a method for verifying that valid consent has been obtained for communications sent pursuant to this section.

SECTION 19. [NEW MATERIAL] CIVIL ACTION FOR VIOLATION.--

A. A civil action for a violation of the Do Not Contact Registry Act may be brought by:

(1) the registrant of a contact point who has received a communication in violation of the Do Not Contact Registry Act; or

(2) the attorney general.

B. A person bringing an action pursuant to Paragraph (1) of Subsection A of this section may recover:

(1) actual damages; or

(2) the lesser of five thousand dollars ($5,000) per communication transmitted to the contact point or two hundred fifty thousand dollars ($250,000) per day that the violation occurs.

C. In an action brought by the attorney general pursuant to Paragraph (2) of Subsection A of this section, the attorney general may recover a civil penalty not to exceed ten thousand dollars ($10,000) per communication transmitted to a contact point in violation of the Do Not Contact Registry Act or five hundred thousand dollars ($500,000) per day that the violation occurs, whichever is less.

D. In each action brought pursuant to this section, the prevailing party may be awarded costs and reasonable attorney fees.

SECTION 20. [NEW MATERIAL] DEFENSE.--It shall be a defense to an action brought pursuant to the Do Not Contact Registry Act that a person reasonably relied on the mechanism for verification of compliance established pursuant to Section 16 of this 2017 act.

SECTION 21. [NEW MATERIAL] INTERPRETATION.--Nothing in the Do Not Contact Registry Act is intended to conflict with or replace any provision of the Child Protection Registry Act. To the extent a conflict exists, the provisions of the Child Protection Registry Act shall take precedence.

SECTION 22. EFFECTIVE DATE.--The effective date of the provisions of this act is July 1, 2017.

- 15 -