Doing Business in Mexico? It’s Time to Revise Your Privacy Practices
By Holly K. Towle, Henry L. Judy, Samuel R. Castic
On July 6, 2010, Mexico’s “Law on the Protection of Personal Data Held by Private Parties” took effect, and some of the most stringent requirements are currently scheduled to take effect in July 2011. Accordingly, the time for companies that are covered by the law to adjust their privacy policies and business practices is today, not mañana.[1] In many ways, this law is more robust than approaches taken to data protection in the United States. It brings Mexican privacy law far closer to, or goes beyond, the concepts and structure of the European Data Protection Directive (“EU Directive”)[2] or other approaches such as the Canadian Personal Information Protection and Electronic Documents Act.[3] The law also seems to approximate the European Union approach of treating data protection as a basic right.[4] This Alert discusses some of the key provisions of Mexico’s new law.