Today millions of people in Mexico share our personal data in different ways without being aware of the consequences that this entails.


Written by: Lic. Carolina Pacheco Osuna


In order to protect personal data held by individuals, on July 5, 2010 the Mexican Congress issued the “Federal Law on Protection of Personal Data Held by Private Parties” (hereinafter the “Act”), whose purpose is to regulate the lawful, controlled and informed treatment of personal data, in order to ensure privacy and the right to informational self-determination that we citizens of this country have. The National Institute for Transparency, Access to Information and Protection of Personal Data (“INAI”) is the authority responsible for monitoring compliance with this Act.

The main rights that give us this Act are: access, rectification, cancelation and opposition from the use of our personal data.

1. The first one of them is that we have the right to access our personal data that are being held by the responsible person for its use and also get access and knowledge of the privacy notice.

2. The second one is our right to rectify our personal information when it is inaccurate or incomplete.

3. The third one is blocking and then cancelling our data when we are willing that these are not longer used.

4. Finally, the opposition consists in the right we have to request that our data are not longer used.



These rights are to be exercised directly by the holder or, where appropriate, the legal representative of the personal data by a request addressed to the holder of the data.



To ensure the protection of personal data of individuals it is necessary that those responsible for the processing of the information have a “Privacy Notice” which is intended to delimit the scope and general conditions of the treatment and inform holders, so that they are in a position to make informed decisions about the use of their personal data, and to maintain control and dispose of them, which must comply with the requirements established by the “Privacy Policy Guidelines” published on 17 January 2013 in the Official Gazette. The conditions of the Privacy Notice covered by these guidelines are:


1. Integral Privacy Notice: it will be available to the owner when personal data are collected personally.

2. Simplified Privacy Notice: it will be available to the owner when personal data are obtained directly or indirectly.

3. Short Privacy Notice: it will be available to the owner when the space used for obtaining personal data is minimal and limited, so that the personal data collected or the space for the dissemination or reproduction of the privacy notice are limited too.


The conditions of the Privacy Notice may be used or reproduced by any of the physical, electronic, optical, sound, visual, or through any other technology that allows for effective communication means.


If those responsible for the processing of personal data fail to comply with the delivery of the Privacy Notice or perform any of the acts considered as an offense by the law, they will be charged with sanctions and fines amounting up to $22’432,000.00 pesos national currency, amount that could double depending on the severity of the act committed.


Finally, the reason why the Privacy Notice is important, is to prevent that the misuse of personal data generates discomfort to their owners, such as:

• Calls from call centers offering financial services or services of any other kind.


Receiving unwanted emails (SPAM).


The use of our personal data by people other than the holders of our information.



Alanís, Serrano & Doblado has advised countless companies and individuals about this issue successfully. AS & D, has lawyers with extensive experience in the field. 

More Info >