By: LUIS G. RESÉNDIZ
Federal Law for the Protection of Personal Data in Possession of Private Individuals or Entities
By now all entities or individuals covered by the Federal Law for the Protection of Personal Data in Possession of Private Individuals or Entities (the Privacy Law) must have taken the steps necessary to comply with the Privacy Law. In general, the Privacy Law applies to all private individuals or entities (the Processor) that obtain, use, divulge, or store personal data of third party individuals (the Owners), unless the Processor (i) are credit bureaus acting under the laws regulating them or (ii) collect and store personal data exclusively for personal use and without the purpose of divulging it or using it for commercial purposes. The Processor’s obligations under the Privacy Law include the following:
- Designating an individual or department in charge of securing the protection of the personal data obtained by the Processor and to attend requests from the Owners of the private information.
- Prepare and deliver to each Owner a privacy notice (the Privacy Notice). The Privacy Notice must comply with a number of requirements mandated by the Privacy Law.
- Obtain the consent of the Owner to use “sensible” information, if any.
- Limit the use of the personal data collected to those uses listed in the Privacy Notice.
- See that the personal data in its databases is pertinent, correct and current for the purposes the data was collected.
There is a disagreement between practitioners as to whether the Privacy Law applies to all employers or only to those that may use the personal information collected for purposes other than personal use or to divulge it or use it for commercial purposes. Hopefully the regulations to the Privacy Law (which were due this past July) will clarify this once they are published.
The Privacy Law includes penalties that may be very severe for failing to comply (e.g. fines that may range from the equivalent of 100 minimum salaries in Mexico City ($429 dollars as of December 15, 2011) to 640,000 minimum salaries in Mexico City (about $2,746,162 dollars as of December 28, 2011) if the violation involves sensible data, or possible imprisonment for some willful violations). Therefore, it is recommended that all companies take the steps necessary to comply with the provisions of the Privacy Law.
The minimum wage for 2012 will increase by 4.2%. The daily minimum wages for 2012 will be: zone A 62.33 pesos; zone B 60.57 pesos; and zone C 59.08 pesos. Even though few workers receive minimum wages anymore, this increase is also relevant because it sets the expectations of unions and non-union workers when they negotiate the increase on their salary for next year.
The Mexican Institute of Social Security (IMSS) provides medical assistance and other basic social services. Employers must register their employees with IMSS and employers (as well as employees) must pay fees to IMSS. Employers must determine their classification for purposes of calculating the occupational hazard insurance fee; i.e. employers must determine where the activities that the employees will perform fit within the occupational hazard tables. The amounts of the fees payable to IMSS will depend, in part, in such classification.
Over the last few months, IMSS has been sending letters to employers inviting them to participate in a voluntary program to verify their classification. If the invitation is accepted, the employer will have to provide documents and information requested by IMSS.
Employers who receive this invitation must be careful. Employers that accept the invitation and then are unable to produce the information required by IMSS or are otherwise unable to justify the classification reported to IMSS, will likely have to pay higher fees.