Legal considerations regarding Cybersecurity in Mexico: Processing of Sensitive Personal Data

By: Luis Gerardo Ramírez Villela

Cybersecurity attacks have been increasing recently and it is necessary that every corporation create as part of their internal regulations - besides of the obligations to comply with applicable laws - specific policies creating awareness for the protection of third parties with whom they collaborate.

Cybersecurity should not be considered as separate from data protection. Together, they provide the necessary tools to protect the personal data of third parties collaborating with each corporation and for such reason they should be considered as inseparable.

In Mexico, there are currently three organizations with jurisdiction over cybersecurity: (i) the Cyber Incident Response Center of the General Scientific Directorate of the National Guard (Centro de Respuesta a Incidentes Cibernéticos de la Dirección General Científica de la Guardia Nacional), (ii) the Federal Police (Policia Federal) and the (iii) National Institute for Transparency, Access to Information and Protection of Personal Data (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (INAI).

The Mexican Federal Law for the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) provides for the protection of personal data to guarantee privacy and the right to self-determination of information.

The data processing must be adequate and relevant in connection with the purposes set out in the privacy notice that each corporation provides to its employees and third parties, and such notice must be available not only through the website but also in situ.

The management of sensitive personal data should correspond to a specific area of each corporation (i.e. compliance) and the responsible of the information must make all reasonable efforts to limit the period of treatment of such data to the minimum necessary and inform internally about the processing and management of the information periodically.

It should be mentioned that, in case of breach of the aforementioned, the owner of the personal data may file a claim before the INAI, and therefore administrative sanctions and procedures would proceed, which are generally punished with fines or even criminal actions depending on the violation of sensitive personal data.

Please note that currently there is a project to be approved for the implementation of the Federal Cybersecurity Law (Ley Federal de Ciberseguridad) which would create independent authorities and specific crimes in connection therewith.

Restructuring

Müggenburg, Gorches and Peñalosa's restructuring practice includes representation of corporate debtors, hedge funds, in various industries, etc., in restructuring proceedings and bankruptcy equivalents (insolvency proceedings).

Mergers & Acquisitions

We provide services in acquisitions, sales, mergers, spin-offs, reorganizations and co-investments, representing national and foreign clients operating in various industrial and commercial sectors.

Corporate /Transactional

At Müggenburg, Gorches y Peñalosa we provide legal services in all aspects of corporate law practice. Our group of professionals in this area has years of experience providing services to both national and international clients, with the most diverse needs and the highest standards of demand and sophistication in the service. Among our clientele are leading companies in their sectors worldwide, such as automotive, cosmetics, hotels and tourism, food industry, aeronautical industry, computer programs and systems, suppliers of the oil industry, technology, among others.

We advise our clients on the constitution of Mexican companies (commercial and civil) and associations, attending to the needs derived from the industry and/or commerce segment in which they focus their activities and their medium and long-term plans, also providing services for compliance with the regulatory requirements that may apply, including those derived from direct foreign investment, economic competition and obtaining the necessary licenses and permits for its operation. Our services also extend to the provision of corporate services within the ordinary course of business of our clients, including advice on the preparation, review and negotiation of all types of civil and commercial contracts, and the custody, updating and maintenance of corporate books. . We also provide services related to the opening and management of branches in Mexico of foreign companies.

We represent national and foreign corporate and/or investment groups in the acquisition of, and/or merger with, Mexican business entities, and on other occasions we also represent acquired Mexican entities. In both cases, we provide legal audit services to foresee possible contingencies of the operation, locate areas of opportunity and help determine the value of the company to be acquired. Likewise, in representing the acquirer, we prepare the legal documentation of the operation (specifically contracts for the sale of shares and/or association, with all its annexes and accessory contracts), and we carry out their negotiation with the counterparty. Likewise, in these cases we participate directly in the processing and obtaining of any authorizations, permits, licenses and concession titles required for the operation of our clients, and we advise on notices and notifications to government entities, including notifications of resolutions and opinions of the Federal Economic Competition Commission.

We provide advisory services for corporate restructuring and reorganization, also including international corporate groups with a presence in Mexico. In these cases we have worked in coordination with groups of financial and accounting advisors both from Mexico and abroad, and we have coordinated legal audits of subsidiaries of entities acquired in several Latin American countries (Argentina, Brazil, Chile, Colombia and Peru, among others, with local legal advisers in each case).

We advise on operations of association in participation, "joint-ventures", preparation and negotiation of agreements between shareholders, merger and spin-off of legal entities, establishment of trusts of any type, constitution of guarantees on any type of property, repurchase of shares by of companies listed on the Mexican Stock Exchange, as well as in the structure of purchase option plans and other types of specialized corporate operations.

We also provide services for the development of mechanisms that allow the efficient and effective anticipation and management of potential conflicts between shareholders; in this regard, we have represented groups of shareholders of Mexican companies in the implementation of corporate actions to defend their interests against the rest of the shareholders and the Company itself on internal corporate control issues, generally in coordination with litigation areas in matters commercial and civil.

Depending on each particular project or operation, we rely on other specialty areas of the Firm, in order to provide comprehensive services, under the highest standards of quality and efficiency.

Mergers & Acquisitions

We provide services in acquisitions, sales, mergers, spin-offs, reorganizations and co-investments, representing national and foreign clients operating in various industrial and commercial sectors.

Restructuring (Corporate and Financial)

Müggenburg, Gorches and Peñalosa's restructuring practice includes representation of corporate debtors, hedge funds, in various industries, etc., in restructuring proceedings and bankruptcy equivalents (insolvency proceedings).