Mexico’s data protection authority will not rush to carry out compliance inspections or take enforcement actions when rules implementing the country’s new data protection law begin taking effect in July, the head of the DPA, the InstitutoDeral De Acceso a la InformaciónPública (IFAI), said March 10 at a conference.
As soon as the final rules are published in July, the government expects businesses and other covered entities to begin following the basic requirements that they appoint an individual to be in charge of data protection and establish written data security and privacy policies, IFAI President Commissioner Jacqueline PeschardMariscal said.
But the government will not immediately begin verification activity, she said. Instead, the IFAI will focus on training and education of covered entities in the requirements of the rules, Mariscal said at a session of the International Association of Privacy Professionals Global Privacy Summit.
Mexico’s Federal Law Protecting Personal Data in Private Possession regulates for the first time on a federal level how businesses and individuals handle personal data. It technically took effect July 6, 2010 (9 PVLR 1016, 7/12/10), but the implementing rules are not expected before this July, according to the IFAI (10 PVLR 368, 3/7/11).
Enforcement of the new law is slated to begin in January 2012, Mariscal confirmed at the conference panel entitled “Privacy: What You Need to Consider When Doing Business in North America.”