The Mexican data protection authority, the Institute of Access to Information and Data Protection (the IFAI), has issued data security guidelines for businesses to ensure measures are implemented to comply with the data security provisions of the Mexican data protection law, the Federal Law on the Protection of Personal Data in the Possession of Private Parties (the Federal Law).
Mexico's Data Protection Secretary, Alfonso Onate-Laborde, commented, "Although the Mexican Data Protection Law required companies to implement a minimal set of security measures by 21 June 2013, many companies have not done so and stay at a low level of compliance with the rules. The Guidelines will provide useful advice for companies on how to implement security rules into their operating processes."
To ensure compliance with Article 19 of the Federal Law in particular, the IFAI guidelines recommend that companies adopt a Safety Management System of Personal Data based on a four-step process, 'Plan-Do-Check-Act' (the PDCA cycle), which can be summarised as follows:
Plan - identify key security objectives, examine data flows within the organisation and conduct a risk analysis
Do - implement the necessary policies, procedures and plans to help achieve data security objectives
Check - audit and evaluate whether policies, procedures and plans are achieving...