Your friendly neighborhood technology counsel here: So, Mexico recently passed a new data protection law. On April 27, 2010, Mexico passed the Federal Law for the Protection of Personal data, which is likely to be signed into law by the President in the near future. This law not only allows for a mind-boggling $1.5 million penalty for violation, but it also applies to the private sector. Private and public entities will need to protect themselves from privacy litigation.
This law is much akin to the EU's data privacy laws. Meaning, among other things, that scope of the law is extremely broad. Additionally, all data is included, but certain types of data are given greater protection. This Sensitive Personal Data includes: "In particular, consider those that may reveal sensitive issues such as racial or ethnic origin, health status, present and future, genetic information, religious, philosophical and moral, union membership, political views, sexual preference." (translated from the Bill). The dissemination of any information that contains this sensitive data will require written consent from the owner of the data, the individual.
Now the $1.5 million question: What does this mean for my business? The simple answer is: Potentially alot. In the world of e-discovery and privacy litigation,this issue has already begun to rear its head in the context of the EU's data privacy law. With the number of American manufacturers and companies with a presence and facilities in Mexico, this type of broad legislation could result in the expenditure of millions of compliance dollars to craft protocols and document retention issues. Think of the billions of e-mails that must run through a Fortune 500 company. Now think about how many of those e-mails contain some amount of information that fits within the category I described above. To disseminate that information, each individual has to be contacted and give written consent. Like I said, mind-boggling.
Obviously, society is walking a thin line between protection of information and the availability of information for legitimate purposes. Privacy litigation both here and abroad is going to shape the breadth and direction of that line. And then, when we think we have a handle on it all, we'll start talking about what we are going to do under cloud computing law for that data that is stuck firmly in the cloud.
This law is much akin to the EU's data privacy laws. Meaning, among other things, that scope of the law is extremely broad. Additionally, all data is included, but certain types of data are given greater protection. This Sensitive Personal Data includes: "In particular, consider those that may reveal sensitive issues such as racial or ethnic origin, health status, present and future, genetic information, religious, philosophical and moral, union membership, political views, sexual preference." (translated from the Bill). The dissemination of any information that contains this sensitive data will require written consent from the owner of the data, the individual.
Now the $1.5 million question: What does this mean for my business? The simple answer is: Potentially alot. In the world of e-discovery and privacy litigation,this issue has already begun to rear its head in the context of the EU's data privacy law. With the number of American manufacturers and companies with a presence and facilities in Mexico, this type of broad legislation could result in the expenditure of millions of compliance dollars to craft protocols and document retention issues. Think of the billions of e-mails that must run through a Fortune 500 company. Now think about how many of those e-mails contain some amount of information that fits within the category I described above. To disseminate that information, each individual has to be contacted and give written consent. Like I said, mind-boggling.
Obviously, society is walking a thin line between protection of information and the availability of information for legitimate purposes. Privacy litigation both here and abroad is going to shape the breadth and direction of that line. And then, when we think we have a handle on it all, we'll start talking about what we are going to do under cloud computing law for that data that is stuck firmly in the cloud.
Powered by Compendium
Comments for Mexico Passes New Data Protection and Privacy Law