Mexico Issues Personal Data Protection Rules - Privacy - Mondaq Mexico - Mondaq Business Briefing - Books and Journals - VLEX 384351848

Mexico Issues Personal Data Protection Rules

Author:Mr Gustavo Alcocer
Profession:Olivares & CIA

The long awaited Personal Data Protection Rules (Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares, the "Rules") were finally issued on December 19, 2010 and published by executive decree of Felipe Calderon, President of Mexico, on December 21, 2011.

The Personal Data Protection Law (Ley Federal de Protección de Datos Personales en Posesión de Particulares, the "Law") enacted by the Mexican Congress on April 27, 2010 and published on July 5, 2010, had three important dates: July 5, 2011, when the Personal Data Protection Rules should have been published; July 6, 2011, which was the deadline for the designation of the person/entity in charge of personal data compliance and the issuance of the privacy notice and; January 6, 2012, which will be the date when personal data owners may exercise their access, rectification, cancelation and opposition rights ("ARCO Rights").

The Rules are now part of the Personal Data Protection legal framework in Mexico and have the purpose of regulating the provisions of the Law. Additional definitions to the ones contained in the Law include: ARCO Rights, digital media, exclusion list, administrative, physical and technical security measures, identifiable individual, remittance, electronic and physical back-up and suppression or data deletion.

The broad mandatory scope of application is not with a strict reference to the territory of Mexico but rather with a territorial approach. The Rules apply to any treatment of personal data by private individuals or entities as a result of the treatment of data or activities being performed within the Mexican Territory. As an example, if the responsible compliance person/entity is not I n the Mexican Territory the security measures contained in the Rules still apply.

There is personal data exempted such as data of individual business owners or private professionals and practitioners and such data resulting from a contractual or legal provision. Also public source is further regulated to include yellow pages and the...

To continue reading