On July 5th, 2010 the Federal Law for the Protection of Personal Data1 in Possession of Particulars (the “Law”) was issued, with the purpose to regulate the “treatment” or management of personal data in a legitimate, controlled and informed manner, and to guaranty the privacy and the individual right of self-determination.
The Law establishes several obligations that must be fulfilled by private entities or persons2; of which the following became effective as of July 6th, 2013.
The responsible entities or persons shall appoint a person or department who shall be responsible for data protection in order to answer any petition to access, rectify, cancel or of opposition of personal data, or any other right protected by the act. “Treatment” under the Law means: the obtainment, use –which includes access, handling, exploitation, transfer or disposal-, disclosure or storage of personal data under any means. Individuals and companies obligated under the Law shall issue a privacy notice4to inform the beneficiaries of protected rights about
1Personal Data is integrated by any information regarding to an identified or identifiable natural person, such as name, telephone, address, photograph, or finger prints, as well as any other information that may identify such individual.
2 In general terms, the subjects obligated are the natural persons or legal entities, of the private range, that manages or treats personal data. The following are not under the Law: i) Credit information Entities and, ii) people who collect and store personal data for their own exclusive use, and without divulgation nor commercial purposes.
3 Law’s Regulation is pending to be issued this year 2011.
the information that is to be collected from them and the purposes of usage of such information, as well as the name of the person or department responsible of its protection. The privacy notices shall contain certain minimum requirements in terms of the Law.
It is important to mention that in case of a breach of obligations under the Law, infringers can be subject to fines between $5,900.00 Mexican pesos and $37,760,000.00 Mexican pesos.
In addition to the above, it must be taken into consideration that from January 2012, any person will be entitled to enforce their rights against those responsible persons designated regarding to the access, rectification, cancelation and opposition; and if the responsible entity or person fails to comply such petition, the affected person is entitled to initiate a procedure for rights protection before the Federal Institute of Information Access and Data Protection (Instituto Federal de Acceso a la InformaciónyProtección de Datos).
Please do not hesitate to contact us in case of any questions or concerns about the scope of this Law.
Guadalajara
Azucena Marín amarin@cuestacampos.com
Elena Robles erobles@cuestacampos.com
Andrés Gómez agomez@cuestacampos.com
The above is provided as general information prepared by professionals with regard to the subject matter. This document only refers to the applicable law in Mexico. While every effort has been made to ensure accuracy no responsibility can be accepted for errors or omissions. The information contained herein should not be relied on as legal, accounting or professional advice being rendered.
