Mexico's Draconian New Privacy Law

Discussion in 'In The News' started by Jester, May 2, 2011.

  1. Jester


    Mexico has recently passed a federal law regulating the protection of personal data (LFPDPPP in Spanish). The result is seen by observers as harkening more towards the tightly controlled bureaucratic European model than the relatively laissez-faire structure adopted by equivalent legislation in the United States.

    To comprehend the new Mexican law in its most stringent application, let’s take the example of an email marketer with a subscriber in Nezahualcoyotl. This customer filled out your standard newsletter signup form and then proceeded to order a product, paying for it through their credit card. Your subsidiary in Germany shares your customer database and some Berlin hacker manages to get the Mexican client’s data file. The violations of the LFPDPPP in this case are staggering. First of all, you did not notify the customer that your database is shared with your subsidiaries in Germany (and Japan and Australia and Britain, etc.). If you can get past that problem you now have to acknowledge that their credit card information is sensitive (or is it… it’s up to future court challenges) therefore you had no right to collect it without getting the Mexican customer’s actual ink-on-paper signature (not faxed or scanned) in your hands first.

    Even if the hacker is unsuccessful and the customer does not provide any sensitive credit card or other information, the Mexican citizen might still request a complete deletion of their online records. Simply hitting Delete on your SQL file is not going to do much, as complete deletion is being interpreted as being erasure from all of your systems. This includes all your backups (and many servers back up several times a day) and all of the systems and backups in your subsidiaries in Berlin, Tokyo, Sydney, London and more. If your servers archive all their backups and they collect their data just once a day, you’re looking at making 365 deletions in each of your corporate and subsidiaries’ backup media for each year the client was on your systems.

    Since this legislation is so new, it is certain to be challenged in the Mexican courts and may be modified along the way. As it now sits it seems to provide for a penalty of up to $3.2 million and ten years in prison for every single credit card number and/or bit of sensitive data that leaks out of your company about its Mexican customers. Given that the recent Sony PlayStation breach may have exposed more than 77 million of these sensitive records, the repercussions in Mexico alone would be monumental.


    :laugh::laugh:

    Originally Posted:
    http://www.benchmarkemail.com/blogs/detail/mexicos-new-draconian-personal-data-protection-law

    P.S. So we don't drink the water, NOR run any geo-targets to Mexico and collect data. Please make a mental note
     
    Last edited: May 2, 2011
  2. PushSend

    Wait.....Mexicans have courts??

    :eek:
     
  3. JohnFarrell

    For poor people lol
     
