{"id":12035,"date":"2024-02-02T15:53:23","date_gmt":"2024-02-02T21:53:23","guid":{"rendered":"https:\/\/www.mgps.com.mx\/?p=12035"},"modified":"2024-02-02T16:09:06","modified_gmt":"2024-02-02T22:09:06","slug":"consideraciones-legales-respecto-a-ciberseguridad-en-mexico-procesamiento-de-datos-personales-sensibles","status":"publish","type":"post","link":"https:\/\/www.mgps.com.mx\/en\/consideraciones-legales-respecto-a-ciberseguridad-en-mexico-procesamiento-de-datos-personales-sensibles\/","title":{"rendered":"Legal considerations regarding Cybersecurity in Mexico:\nProcessing of Sensitive Personal Data"},"content":{"rendered":"

By: Luis Gerardo Ram\u00edrez Villela<\/p>\n\n\n\n

Cybersecurity attacks have been increasing recently and it is necessary that every corporation create as part of their internal regulations - besides of the obligations to comply with applicable laws - specific policies creating awareness for the protection of third parties with whom they collaborate.<\/p>\n\n\n\n

Cybersecurity should not be considered as separate from data protection. Together, they provide the necessary tools to protect the personal data of third parties collaborating with each corporation and for such reason they should be considered as inseparable.<\/p>\n\n\n\n

In Mexico, there are currently three organizations with jurisdiction over cybersecurity: (i) the Cyber Incident Response Center of the General Scientific Directorate of the National Guard (Centro de Respuesta a Incidentes Cibern\u00e9ticos de la Direcci\u00f3n General Cient\u00edfica de la Guardia Nacional), (ii) the Federal Police (Policia Federal) and the (iii) National Institute for Transparency, Access to Information and Protection of Personal Data (Instituto Nacional de Transparencia, Acceso a la Informaci\u00f3n y Protecci\u00f3n de Datos Personales) (INAI).<\/p>\n\n\n\n

The Mexican Federal Law for the Protection of Personal Data Held by Private Parties (Ley Federal de Protecci\u00f3n de Datos Personales en Posesi\u00f3n de los Particulares) provides for the protection of personal data to guarantee privacy and the right to self-determination of information.<\/p>\n\n\n\n

The data processing must be adequate and relevant in connection with the purposes set out in the privacy notice that each corporation provides to its employees and third parties, and such notice must be available not only through the website but also in situ.<\/p>\n\n\n\n

The management of sensitive personal data should correspond to a specific area of each corporation (i.e. compliance) and the responsible of the information must make all reasonable efforts to limit the period of treatment of such data to the minimum necessary and inform internally about the processing and management of the information periodically.<\/p>\n\n\n\n

It should be mentioned that, in case of breach of the aforementioned, the owner of the personal data may file a claim before the INAI, and therefore administrative sanctions and procedures would proceed, which are generally punished with fines or even criminal actions depending on the violation of sensitive personal data.<\/p>\n\n\n\n

Please note that currently there is a project to be approved for the implementation of the Federal Cybersecurity Law (Ley Federal de Ciberseguridad) which would create independent authorities and specific crimes in connection therewith.<\/p>","protected":false},"excerpt":{"rendered":"

Por: Luis Gerardo Ram\u00edrez Villela Los ataques a la ciberseguridad han ido en aumento en los \u00faltimos tiempos y es necesario que cada empresa cree como parte de su normatividad interna – adem\u00e1s de las obligaciones por cumplir conforme a las leyes aplicables – pol\u00edticas espec\u00edficas creando conciencia para la protecci\u00f3n de terceros con quienes […]<\/p>","protected":false},"author":14,"featured_media":12037,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[99],"tags":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/www.mgps.com.mx\/wp-content\/uploads\/2024\/02\/Articulo-LGRV-Ciberseguridad-en-Mexico-Enero-11-2024.jpg","_links":{"self":[{"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/posts\/12035"}],"collection":[{"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/comments?post=12035"}],"version-history":[{"count":1,"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/posts\/12035\/revisions"}],"predecessor-version":[{"id":12036,"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/posts\/12035\/revisions\/12036"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/media\/12037"}],"wp:attachment":[{"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/media?parent=12035"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/categories?post=12035"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mgps.com.mx\/en\/wp-json\/wp\/v2\/tags?post=12035"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}