In Mexico, data protection legislation is not based on sectoral laws. The Law regulates the collection and processing of any personal information by any private entity acting as a Controller or Processor, which impacts any sector that is involved in any sort of personal data collection or processing. The National Institute of Transparency, Access to Information and Personal Data Protection is the authority responsible for overseeing the Law. Its main purpose is the disclosure of governmental activities, budgets, and overall public information, as well as the protection of personal data and the individuals’ right to privacy. The INAI has the authority to conduct investigations; review and sanction data protection Controllers; and authorize, oversee and revoke certifying entities.