Mexico City, September 15th, 2021.


In addition to the lack of awareness on the importance of personal data security, for a long time, companies and institutions have faced countless complications in maintaining security measures to protect personal data -a very valuable asset- against damage, loss, alteration, destruction, use, access, or unauthorized processing. In this regard, in order to support those responsible for and in charge of processing personal data so that they comply with the security duty provided in our legislation.

The National Institute of Transparency, Access to Information and Protection of Personal Data («INAI») has prepared a «Toolkit of awareness of personal data security for those responsible for the Private Sector» with very concrete and practical information, which will allow them to promote a culture of respect for privacy, raise awareness among their employees about the importance of personal data protection, as well as avoid data breaches or any other threat to the security of information and personal data within their organizations.

Based on the idea that information security cannot be summarized in the implementation of users and passwords, but in the development and implementation of measures and policies to ensure both physical and logical data security, and considering that the authority has done hard work to promote a culture of respect for privacy and data protection and to inform companies in order to prevent violations, the INAI included in this «Toolkit» a series of best practices, explanatory notes and four modules that, in particular, are integrated as follows:

I. Personal data security:

  • What is it?
  • Information security and cybersecurity.
  • Obligations for those responsible for the processing of personal data.

II. Threats:

  • How to identify threats.
  • Implementation of security measures.

III. Vulnerations:

  • Types of vulnerabilities.
  • Proper management of breaches.
  • Obligations recognized in our legislation.

IV. Security measures:

  • Technical, physical, and administrative security measures.

The Toolkit contains an initial diagnostic evaluation, infographics, presentations, and a final evaluation, so that it is possible to confirm whether the company or organization has improved its awareness on personal data security. The same is available for consultation at:

Lastly, it is important to remember that the 43rd Global Privacy Assembly 2021 (GPA) will be held in Mexico in October. The development and publication of a tool such as the one mentioned above is pertinent and appropriate, since one of the main goals of such an Assembly is to interconnect efforts at the national, regional, and international levels, so that the authorities are in a position to better protect and promote privacy and data protection, as well as promoting that the highest standards on this matter are recognized in local regulations in a more homogeneous manner.

The GPA, formerly known as the International Conference of Data Protection and Privacy Commissioners (ICDPPC), is an international forum that met for the first time in 1979 and for more than four decades, has been the main global forum on the subject.

This year, Mexico will host this outstanding global forum, which will bring together more than 130 privacy and data protection authorities and is expected to serve as a tool to disseminate knowledge and support efforts at the national and international levels.

The lawyers in the personal data protection and information technologies area at the firm, remain at your service for any related matter.


S I N C E R E L Y,


Adolfo Athié


Renata Buerón


Erika Rodríguez


María Fernanda González