|OVERVIEW||On April 27, 2010, the Mexican Senate passed a data protection law that addresses how private and public entities handle the collection, use and disclosure of personal information of Mexican residents. The new law expands the authority of the Mexico’s data protection authority, now called the Federal Institute of Access to Information and Data Protection. The Institute will conduct inspections and enforce compliance with the new law.|
|GENERAL PRIVACY LAWS||The Mexican Constitutions protects the right to privacy, which traditionally includes the inviolability of the domicile and correspondence. The Constitution protects the person, his/her family, documents or possessions, and the confidentiality of correspondence.|
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||On July 6, 2010, Mexico’s Ley Federal de Protección de Datos Personales en Posesión de los Particulares came into force. A Spanish version of the law is available here.|
|TYPE OF DATA PROTECTED||
The Data Protection Law applies to all personal data related to an identified or identifiable individual (regardless of nationality) and regulates the treatment of such personal data throughout the Mexican territory.
The treatment of personal data is defined to include the collection, use, disclosure or storage of such data, through any means. Use is defined to include any action to access, process, profit from, transfer or dispose of the personal data.
The Data Protection Law is not applicable to personal data controlled by duly licensed credit analysis agencies and entities that conduct collection and storage of personal data strictly for personal purposes, without the intention to disclose or commercially use such data.
|WORKPLACE PRIVACY LAWS||No law specifically regulating workplace monitoring.|
|TRANSBORDER TRANSFERS||Pursuant to Articles 36, 37 et seq., cross border transfer of data, personal data may be transferred nationally or internationally without authorization of the owner: when the transfer is made to parent companies, subsidiaries or affiliates under the control of the party responsible for the data or to a parent company or any other company within the same corporate group of the responsible party that uses the same procedures and internal policies.|
|FINES AND SANCTIONS||The Act provides for penalties up to an astounding $1.5 million for violations under the law.|
|OTHER PRIVACY LAWS AND REGULATIONS||There are at least 30 federal laws that deal with privacy laws and data protection in Mexico. The Mexican federal laws are available in Spanish on the website of the House of Representatives here.|