With increasingly complex privacy and security laws, companies face significant compliance challenges, legal responsibilities and litigation risks in relation to processing personal data. A breach of personally identifiable information can lead to disastrous public relations and costly financial and legal implications. Virtually every organization now needs to knowledgeably manage and safeguard personal information, and to evaluate and address privacy and data security needs before problems arise.

At Arochi & Lindner, we provide pragmatic and business focused advice. We work with companies of all sizes. Our practice covers the full range of services related to managing data privacy and protection, including: data protection audits and information security assessments; data protection registration requirements advice; data compliance policies and programs design and implementation; data commercialization strategies; licensing and data-sharing agreements; responses to security breach incidents; and litigating privacy-related disputes. In addition, our team of experienced lawyers helps clients take advantage of the growing number of opportunities around data, helping them commercialize it in a practical, cost-effective, and legally compliant manner.

Privacy compliance and counseling

We provide practical legal and technical solutions to help clients comply with the full range of privacy, security and data protection laws and regulations. Our comprehensive approach covers the performance of preventative audits, formulates advisories and policies on privacy, training of personnel, and legal support for addressing complaints filed before the authorities.

Preventing and preparing for a data breach

We provide legal advice to help prevent data breaches and minimize the potential for breaches by developing, updating and ensuring compliance with information security and privacy policies; analyzing potential internal and external threats to data security and developing counter-strategies; creating breach response plans that identify internal and external resources and consider potential shareholder and liability issues.

Responding to a data breach

We help the moment a breach is discovered by assisting in investigating the breach’s source and extent and by identifying remedial solutions; ensuring compliance with notice and reporting obligations under the law; protecting your interests while collaborating with law enforcement and regulators.

Restoring compliance after a data breach

We assist with implementing the lessons learned and ensuring compliance with laws, regulations and internal policies by identifying any internal practices inconsistent with applicable policies or legal requirements and recommending appropriate changes; helping in developing and maintaining internal policies that comply with the law and ensure effective employee training and oversight.

Workplace privacy

We provide legal counseling to employers on workplace privacy related topics, including developing and implementing policies addressing employees’ social media use, employees’ use of personal mobile devices at work and for work-related purposes; disciplinary action policies; protecting trade secrets and other confidential information from employee disclosure.

International data protection & privacy

We advise companies operating across borders on how to manage the challenges of complying with multiple laws and managing privacy and security risks on a global scale. Provide practical advice on complying with domestic and international data protection laws, drafting trans-border data flow agreements, developing licensing and data-sharing agreements and protecting against domestic and cross-border data breaches.

Personal data protection is a relatively new topic in Mexico. The discussion really took hold in 2010 with the entry into force of the Mexican Federal Law on the Protection of Personal Data in Possession of Private Parties (LFPDPPP by its Spanish acronym), which is intended to protect personal data belonging to individual and corporate entities, regulate the treatment, guarantee the privacy, and to informational self-determination. The topic of data protection reemerged in 2012 when citizens were granted the right to demand protection of their personal data and exercise their rights to Access, remedy, cancellation and opposition (ARCO rights).

However, in recent years, personal data protection has assumed greater relevance, in part due to the measures taken by the National Institute of Transparency, Access to

Information, and Personal Data Protection Data (INAI by its Spanish acronym), including new provisions for company inspections, which result in significant sanctions imposed on those who do not comply with said law. The lack of knowledge about issues relating to principles regulating the treatment of personal data, as well as lack of clear mechanism for enforcing ARCO rights, has led to the sanctioning of several companies and to an increased tendency of violations of personal data protection rights.

The Privacy and Personal Data practice at Arochi & Lindner provides counsel in everything related to the Federal Law on the Protection of Personal Data in Possession of Private Parties, for the purposes of preventing, to the greatest extent possible, future incidents deemed in violation of relevant Law from reoccurring.