Published legislation and draft legislation - Mexico

State and municipal program for the protection of personal data

INFOEM

On May 31, the Institute of Transparency, Access to Public Information & Protection of Personal Data for the Mexican State and Municipalities (Instituto de Transparencia, Acceso a la Información Pública y Protección de Datos Personales del Estado de México y Municipios, hereinafter INFOEM) published its State and municipal program for the protection of personal data (hereinafter PEMPDP) in order to provide the public with greater understanding so that they can ensure better protection of their personal data.

The document gives information, so that people can enforce their rights of access, rectification, cancellation and objection (ARCO rights). It is structured by subject matter around eight blocks  including a diagnosis and a SWOT* analysis, describing the problems detected. It also investigates lines of strategy and possible actions to meet their goal. The key points in each block are as follows:

  1. Data-protection education and culture: There is much ignorance regarding rights to data protection, and the public is worried about the misuse of their personal data. Thus, citizens must be made aware that they are entitled to demand access to and, where necessary, rectify, cancel and oppose the way their personal data have been processed.
  2. Training. There is also much ignorance among identified parties (ie, data holders and data officers) regarding data protection. The program establishes that courses and specialist workshops be held so such parties can be updated on their responsibilities.
  3. Certification of identified parties. Officers identified as responsible for the processing of data must be professionals with certified training in the design of an end-to-end data-protection methodology.  This must be periodically updated.
  4. The exercise of ARCO and portability rights. Not all ARCO rights are implemented in equal measure. According to INFOEM data, the right to access is the most frequently exercised, whereas the right to opposition is the most rarely used. Moreover, the majority of the general public is unaware of the procedures for exercising these rights. The Program makes people more aware of the service for access, rectification, cancellation and opposition of personal data in the State of Mexico (SARCOEM), thereby fostering suitable, correct enforcement of the ARCO rights.
  5. Implementation and maintenance of security management systems. This must keep up with the latest advances in technology. Among other lines of action, preventive and corrective measures must be taken to continuously enhance the security management systems.
  6. Standards based on best practices in personal data protection. One line of action would be competitions or challenges, offering economic recompense or rewards in kind to encourage the promotion of national and international security standards and best practices in data protection.
  7. Resource management. In order to encourage transparency and reduce corruption in the public sector, the Program intends to set up a fund or financial instrument to provide support to actions that implement the law on protecting personal data held by identified parties in the State of Mexico and its municipalities.
  8. Monitoring, follow-up and verification of goals. Short- and medium-term lines of action are established to be able to evaluate the Program and ensure compliance with it, in order to take corrective measures to tackle issues identified when assessing the indicators.

The Program makes it possible to provide training to enhance the correct protection of personal data. This is vital in order to raise public awareness of the value of their personal information in the digital age.

* Strengths, Weaknesses, Opportunities and Threats