On February 4, 2014, the Mexican data protection authority, the Institute of Access to Information and Data Protection (IFAI), issued a statement to Bloomberg BNA announcing it anticipates issuing an abundance of fines in 2014 following an unprecedented increase in violations of Mexico’s Federal Law on the Protection of Personal Data in the Possession of Private Parties (the Federal Law).
Article 64 of the Federal Law empowers the IFAI to issue fines from 100 to 320,000 the times the Mexico City minimum wage (approximately US$480 to US$1,534,275 for violation of the Federal Law. In addition to monetary penalties, three months to three years imprisonment may be imposed on data controllers for any security breach of databases under their control. Such sanctions above can be doubled twice again for violations concerning sensitive data.
IFAI President Gerardo Laveaga stated that a number of new investigations have been opened, following a 20% increase in the number of data-protection complaints from individuals from 2012 to 2013. The IFAI issued fines totalling 50 million pesos ($3.7 million) in 2013, a figure that is set to markedly increase for 2014. This included the $1 million fine levied against the bank Banamex and the $500,000 fine imposed on cellular company Telcel. The IFAI reported that it intends to challenge all appealed 2013 fines, which will likely swell the coffers of the IFAI in 2014 even further. Organisations should take heed; evidently the IFAI is increasingly willing to show its teeth to enforce compliance with the Federal Law.