MEXICO: New Privacy Notice Guidelines were introduced April 17, 2013, specifying the format and contents of privacy notices required for the direct or automated collection of personal data.
Compliance with the Guidelines is mandatory and no exemptions are available. They will be particularly important to businesses operating in the jurisdiction processing personal data of its employees, customers and/or vendors, and/or website operators placing cookies in Mexico. The Instituto Federal de Acceso a la Información y Protección de Datos (IFAI) is already exercising its enforcement powers, including the issuing of monetary penalties. In December 2012, the IFAI fined a Mexican pharmaceutical company a total of 2 million Mexican pesos (approximately US$162,000), giving a clear indication of its actions on data privacy violations.
COLOMBIA: Following the lead of Costa Rica and Peru, Colombian Law No. 1581, having introduced its first data protection frameworks in March this year, came into force April 18, 2013. The new law covers, among other matters, notice and consent requirements, cross-border data transfers, and the processing of children's personal data. In a vein similar to the IFAI in Mexico, the new Colombian data protection regime is supported by serious sanctions, which include monetary penalties of up to US$650,000, up to six-month trading suspensions, and even temporary or permanent closure of business operations for persistent violations.