Did you know that for not respecting the privacy of personal data, your company can be fined up to 27 million pesos? In Law In Cabo we know that worldwide, personal information shared on the Internet (especially in social networks) is worth a lot of money and it is possible that as time goes by, the amount will continue to increase. Not in vain all the efforts to regulate the good use that is given to this intangible asset: in Mexico, since 2001 initiatives were presented and it was in 2009 when data privacy became a reality.
Over the years, laws have been updated to better control the digital possibilities that arise: what is considered sensitive data, how is it decided whether someone “consented” or not to share their information…? However, as this is a constantly changing topic, it is possible that many new regulations are unknown.
Fines for misuse of personal data
In our country we have two essential laws to be updated on the subject: the Federal Law for the Protection of Personal Data in Possession of Private Parties (LFPDPPP), which is aimed at private individuals or companies (and in which we will delve deeper: OCCMundial, services, companies) and the General Law for the Protection of Personal Data in Possession of Obligated Subjects (LGPDPPSO), applicable to government entities.
When using a service, you are subject to a privacy notice and terms and conditions. It is possible that many times when you are about to use a digital product or service, especially in the “creation of a new account” you will see in the registration page a text that says “I have read and accepted the terms and conditions”.
Ideally and always recommended is to read this information, since there are several guidelines to follow; however, it is very common that everywhere in the world this is not done: this information is overlooked. The bad thing about this practice is that failure to abide by any of these agreements can lead to problems due to mere ignorance.
Fines for misuse of personal data
You could get into trouble for these types of actions
The misuse of personal data, whether with or without intention, with or without knowledge, can bring serious problems for the company and for the person who performs it.
What are the current fines in Mexico for not protecting or misusing personal data?
According to the Federal Law for the Protection of Personal Data in Possession of Individuals (articles 63 and 64) and the IDC Online site, currently these are the penalties for not complying with the regulation:
From $8,688 to $13,900,800 (equivalence of 100 to 160,000 times the value of the UMA) for:
- Failure to comply with the holder’s request for access, rectification, cancellation or opposition to the processing of his personal data, without good reason.
- Act with negligence or fraud in the processing of requests for access, rectification, cancellation or opposition of personal data.
- Declare fraudulently the non-existence of personal data, when it exists totally or partially in the data bases of the responsible party.
- To treat personal data in contravention of the principles set forth in the LFPDPPP.
- Omitting in the privacy notice any or all of the elements referred to in article 16 of the LFPDPPP.
- Maintain inaccurate personal data when it is attributable to the responsible party, or fail to make the legally required rectifications or cancellations when the rights of the owners are affected.
- Failure to comply with the warning referred to in section I of article 64 of the LFPDPPP.
Fines for misuse of personal data
And from $17,376 to $27,801,600 (equivalent to 200 to 320,000 times the value of the UMA) for:
- Failure to comply with the duty of confidentiality established in article 21 of the LFPDPPP.
- Substantially changing the original purpose of data processing
- Transferring data to third parties without communicating to them the privacy notice containing the limitations to which the owner subjected the disclosure of such data.
- Violate the security of databases, premises, programs or equipment, when it is attributable to the responsible party.
- To carry out the transfer or assignment of personal data, outside the cases provided for in the LFPDPPP.
- Collect or transfer personal data without the express consent of the owner, in cases where this is required.
- Obstructing the verification acts of the authority
- Collect data in a misleading and fraudulent manner
- Continue with the illegitimate use of personal data when the cessation of such use has been requested by the institute or the owners.
- Treat personal data in a manner that affects or prevents the exercise of the rights of access, rectification, cancellation and opposition established in Article 16 of the Political Constitution of the United Mexican States.
- In the case of violations committed in the processing of sensitive data, the penalties may be increased by up to two times the established amounts. In addition, the person who commits the offenses may be imprisoned for up to 10 years.
What are our recommendations?
Do not use private data for purposes other than those you accept in the terms and conditions of any company or website, and it will also be good to keep your team updated, so they do not commit any infringement by mere ignorance.
Are you in Baja California Sur, Mexico? Todos Santos, Los Cabos, La Paz, Loreto, San Jose Del Cabo, Los Cabos, El Pescadero? Are you in Nuevo Leon, Mexico? Apodaca, Cadereyta Jiménez, El Carmen, García, San Pedro Garza García, General Escobedo, Guadalupe, Juárez, Monterrey, Salinas Victoria, San Nicolás de los Garza, Santa Catarina and Santiago…
Fines for misuse of personal data
At Cabo Lawyers we seek to satisfy the different legal needs of our clients, both in their business and personal matters. Contact us at: (+52)8119384461, where we will gladly advise you.
You may be interested in: https://lawincabo.com/cyber-fraud
