Law: Federal Law on Protection of Personal Data Held by Private Parties ('FLPPDPP'), Regulations to the Federal Law on Protection of Personal Data Held by Private Parties ('the Regulations')
Regulator: National Institute for Access to Information and Protection of Personal Data ('INAI')
Summary: The FLPPDPP, the Regulations, and the Guidelines on Privacy Notices ('the Guidelines') (only available in Spanish here) establish the principles and minimum standards for processing personal data and form the bases of the regulatory framework for the protection of personal data in Mexico's private sector. There are also sector-specific laws in the financial services and health and pharmaceutical sectors. Notably, under the current legislative framework there is no requirement to inform the INAI or any other state authority when a data breach occurs.