Reed Smith Monday, May 17, 2010

Alert 10-109


Mexico's Senate Passes Federal Law for Protection of Personal Data

 

On April 27, 2010, the Mexican Senate passed Ley Federal de Protección de Datos Personales en Posesión de los Particulares (the Federal Law for Protection of Personal Data (FLPPA)). President Felipe Calderon is expected to sign the FLPPA into law soon, and thereafter, the FLPPA will be published and its regulatory provisions enacted. The objective of the FLPPA is to provide regulatory mechanisms for the newly established replacement agency, Instituto Federal de Acceso a la Información y Protección de Datos (the Federal Institute of Information Access and Data Protection (FIIADP)), to enforce the FLPPA in relation to any individual or entity engaging in the collection, storage and/or transfer of personal data.

 

Key Considerations:

  • Broad Definition of Personal Data.  The definition of "personal data" is very broad and includes any information concerning a physical person that identifies such person, or from which such person may be identified. 
  • Special Treatment of Sensitive Personal Data.  Similar to the approach in the European Union under the European Union Data Directive, "sensitive personal data" is afforded special protection status.  The definition of sensitive personal data focuses on information that may be used for discriminatory purposes, such as information about a person's race, ethnicity, sex, medical condition, religion, philosophies and morals, political opinions, and sexual preferences.
  • Provision of Privacy Notice Required.  Notice must give individuals a clear understanding of how their personal data is being used and/or transferred, and provide a means for correcting submitted personal data and revoking consent for proposed uses and transfers.  Also, in the event of a transfer, the transferee must assume and abide by this same privacy notice.
  • Express Consent Required for Processing Sensitive Personal Data.  The collector of sensitive personal data must obtain the express consent (signature, electronic signature or other form of verifiable consent) of the individual to process and/or transfer such individual's sensitive personal data prior to the processing and/or transfer of such information.
  • Notification and Re-Consent Required if Use Changes.  The entity holding personal data of an individual must notify such individual and have such individual re-consent to new treatment, if the scope of use changes after such individual's initial consent.
  • Regulates Both National and International Transfers.  The FIIADP has the authority to enforce the FLPPA in relation to both national and international transfers of personal data.
  • Requires Establishment of Safeguards.  The entity collecting, storing and/or transferring personal data must establish administrative processes and procedures, and physical and technological safeguards, to protect personal data.  Further guidance on standards may be forthcoming.
  • Potential Penalties and Sanctions are Severe.  Financial penalties are not clearly established, but may be up to approximately US$3 million.  The FLPPA also provides criminal penalties of up to five years' imprisonment: up to three years for general violations of the FLPPA, and up to five years for violations involving the unauthorized transfer of sensitive personal data.

The FLPPA does not apply to credit institutions and individuals that collect information solely for personal and non-commercial purposes.  There are also certain exemptions where the treatment and transfer of personal data would not be subject to the FLPPA statutory consent requirements, such as (i) where the transfer is between affiliates; (ii) in the case of medical emergencies; (iii) where the transfer is necessary pursuant to a contract between the data controller and the transferee, provided that the transfer is in the best interest of the individual; (iv) where there is a judicial decree involving the subject data; or (v) where the transfer of the subject data is necessary for the protection of public health and/or safety.


 

Mark S. Melodia

Partner, Princeton
+1 609 520 6015


 


Cynthia O'Donoghue

Partner, London
+44 (0)20 3116 3494


Anthony S. Traymore

Associate, New York
+1 212 549 0358



 









 
About Reed Smith
Reed Smith is a global relationship law firm with nearly 1,600 lawyers in 22 offices throughout the United States, Europe, Asia and the Middle East. Founded in 1877, the firm represents leading international businesses, from Fortune 100 corporations to mid-market and emerging enterprises. Its lawyers provide litigation and other dispute resolution services in multi-jurisdictional and other high-stakes matters; deliver regulatory counsel; and execute the full range of strategic domestic and cross-border transactions. Reed Smith is a preeminent advisor to industries including financial services, life sciences, health care, advertising, technology and media, shipping, energy trade and commodities, real estate, manufacturing, and education. For more information, visit reedsmith.com

U.S.: New York, Chicago, Los Angeles, Washington, San Francisco, Philadelphia, Pittsburgh, Oakland, Princeton, Northern Virginia, Wilmington, Silicon Valley, Century City, Richmond

Europe: London, Paris, Munich, Greece

Middle East: Abu Dhabi, Dubai

Asia: Hong Kong, Beijing

© Reed Smith LLP 2010. All rights reserved.

Business from offices in the United States and Germany is carried on by Reed Smith LLP, a limited liability partnership formed in the state of Delaware; from the other offices, by Reed Smith LLP of England; but in Hong Kong, the business is carried on by Richards Butler in association with Reed Smith LLP (of Delaware, USA). A list of all Partners and employed attorneys as well as their court admissions can be inspected at the firm's website.

Attorney Advertising. This Alert may be considered advertising under the rules of some states. Prior results described cannot and do not guarantee or predict a similar outcome with respect to any future matter that we or any lawyer may be retained to handle.


