With increasingly complex privacy and security laws, companies face significant compliance challenges, legal responsibilities, and litigation risks in relation to processing personal data. A breach of personally identifiable information can lead to disastrous public relations and costly financial and legal implications. Virtually every organization now needs to knowledgeably manage and safeguard personal information and to evaluate and address privacy and data security needs before problems arise.

At Arochi & Lindner, we provide pragmatic and business focused advice. We work with companies of all sizes. Our practice offers advising on all services related to privacy and data protection management, including information security audits and assessments; guidance on personal data registration requirements; design and implementation of policies and programs for the processing and storage of personal data; conducting analyses and strategies to forward or transfer personal data in compliance with the law; responding to security breach incidents, and litigating disputes related to privacy and the processing of personal data. Moreover, our team of experienced lawyers provides clients with strategies that allow them to take advantage of the enormous opportunities that a proper treatment of personal data can provide, helping them to translate that information in a practical and cost-effective manner in accordance with local and international regulations.

Privacy compliance and counseling

We provide practical legal and technical solutions to help clients comply with the full range of privacy, security and data protection laws and regulations. Our comprehensive approach covers the performance of preventative audits, formulates advisories and policies on privacy, training of personnel, and legal support for addressing complaints filed before the authorities.

Preventing and preparing for a data breach

We provide legal advice to help prevent data breaches and minimize the potential for breaches by developing, updating and ensuring compliance with information security and privacy policies; analyzing potential internal and external threats to data security and developing counter-strategies; creating breach response plans that identify internal and external resources and consider potential shareholder and liability issues.

Responding to a data breach

We help the moment a breach is discovered by assisting in investigating the breach’s source and extent and by identifying remedial solutions; ensuring compliance with notice and reporting obligations under the law; protecting your interests while collaborating with law enforcement and regulators.

Restoring compliance after a data breach

We assist with implementing the lessons learned and ensuring compliance with laws, regulations and internal policies by identifying any internal practices inconsistent with applicable policies or legal requirements and recommending appropriate changes; helping in developing and maintaining internal policies that comply with the law and ensure effective employee training and oversight.

Workplace privacy

We provide legal counseling to employers on workplace privacy related topics, including developing and implementing policies addressing employees’ social media use, employees’ use of personal mobile devices at work and for work-related purposes; disciplinary action policies; protecting trade secrets and other confidential information from employee disclosure.

International data protection & privacy

We advise companies operating across borders on how to manage the challenges of complying with multiple laws and managing privacy and security risks on a global scale. Provide practical advice on complying with domestic and international data protection laws, drafting trans-border data flow agreements, developing licensing and data-sharing agreements and protecting against domestic and cross-border data breaches.

Personal data protection is a relatively new topic in Mexico. The discussion really took hold in 2010 with the entry into force of the Mexican Federal Law on the Protection of Personal Data in Possession of Private Parties (LFPDPPP by its Spanish acronym), which is intended to protect personal data belonging to individual and corporate entities, regulate the treatment, guarantee the privacy, and to informational self-determination. The topic of data protection reemerged in 2012 when citizens were granted the right to demand protection of their personal data and exercise their rights to Access, remedy, cancellation and opposition (ARCO rights).

However, in recent years, personal data protection has assumed greater relevance, in part due to the measures taken by the National Institute of Transparency, Access to

Information, and Personal Data Protection Data (INAI by its Spanish acronym), including new provisions for company inspections, which result in significant sanctions imposed on those who do not comply with said law. The lack of knowledge about issues relating to principles regulating the treatment of personal data, as well as lack of clear mechanism for enforcing ARCO rights, has led to the sanctioning of several companies and to an increased tendency of violations of personal data protection rights.

The Privacy and Personal Data practice at Arochi & Lindner provides counsel in everything related to the Federal Law on the Protection of Personal Data in Possession of Private Parties, for the purposes of preventing, to the greatest extent possible, future incidents deemed in violation of relevant Law from reoccurring.