BGBG shares with you the analysis that our Partner, Carlos Díaz and Senior Associate, Victor Gonzalez made for Chambers in their Cybersecurity 2022 guide for Mexico. Please do not hesitate to contact us with any Privacy, Personal Data Protection, and Cybersecurity questions.
In Mexico, there is no specific legal framework that regulates cybersecurity. Despite the fact that there is a “National Strategy for Cybersecurity”, this is just a document which references what the goals of the state should be when regulating cybersecurity, and it also mentions that any effort expended on cybersecurity should be done for social, economic and political development, in the private and public sectors.
In Mexico, cybersecurity has more to do with actions preventing the committing of certain crimes, than the implementation of policies and principles in the private and public sectors. In this sense, there are specific regulations pertaining to crimes in regards to breaches of information security systems.
In addition to the aforementioned, since 2013, internet access has been considered a fundamental right as it is included within fundamental constitutional rights. This has influenced regulatory bodies to recognise the use of the internet and consequently, the protection of security in the digital environment.
Within the legal framework, the following have certain provisions related to cybersecurity:
- the Data Protection Law (for public and private parties);
- the Telecommunications and Broadcasting Law, and its guidelines on security and justice collaboration;
- the Law on Transparency and Access to Public Information;
- the Criminal Federal Code and National Code of Criminal Procedures;
- the Law on Women’s Access to a Life Free of Violence; and
- the United States–Mexico–Canada Agreement.
It is important to note that in 2022, at least three bills are being discussed on regulating cybersecurity with a specific law.
Global Practice Guide for Mexico 2022
- Basic National Regime
- Key Laws and Regulators at National and Subnational Levels
- Key Frameworks
- Key Affirmative Security Requirements
- Data Breach Reporting and Notification
- Ability to Monitor Networks for Cybersecurity
- Cyberthreat Information Sharing Arrangements
- Significant Cybersecurity and Data Breach Regulatory Enforcement and Litigation
- Due Diligence
- Insurance and Other Cybersecurity Issues