Mexico Passes Data Protection Law

While 45 of the 50 U.S. states have data breach notification laws on the books, many countries have no such protections. Earlier this month, Mexico joined the ranks of countries looking to provide legal assurances that its citizens’ privacy data is protected from corporate abuse.
On 5 July 2010, Mexico’s Federal Institute for Access to Information and Data Protection (IFAI) published the new Federal Law on Protection of Personal Data held by Private Parties, effective 6 July 2010.
This new law regulates the legitimate collection, processing and disclosure of personal data held by the private sector. Interestingly, the Federal Institute for Access to Information and Data Protection (nee Federal Institute for Access to Public Information) has now expanded its oversight powers to include the private sector, even though the law does not apply to government entities.
Essentially, companies must have permission from the person whose information they’re processing and inform them of the reason for their access. Citizens now have the right to access their data, have any inaccuracies corrected, deny transfers of their data and have their data be deleted from a system for “legitimate reasons.” A citizen’s lack of response to any notice is considered to be tacit consent.
The law does not prescribe how to protect privacy data, though it does require that companies employ security measures to protect said data that are not “inferior to (continue reading...)