EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >United Mexican States|
The Constitution protects the right to privacy, which traditionally includes the inviolability of the domicile and correspondence. The Constitution protects the person, his/her family, documents or possessions, and the confidentiality of correspondence; the immunity can only be broken by written order of the competent authority (Article 16).
Article 16 of the Constitution of 1917 provides, in part:
One's person, family, home, papers or possessions may not be molested, except by virtue of a written order by a proper authority, based on and motivated by legal proceedings.
In all search warrants, that only the judicial authority will be able to produce, it must be written expressly the place to be inspected, the person or people to be arrested and the objects searched for, so as to limit to the stated issues the proceedings, and in concluding them, a detailed record must be written in the presence of two witnesses proposed by the occupant of the place that was inspected or in their absence or refusal, by the authority that practiced the proceedings.
Private communications are inviolable. The Law will provide a criminal sanction to any act that attempts against the freedom and privacy of private communications. Exclusively the federal judicial authority, at the request of the federal authority empowered by the law or by the holder of the Ministerio Público (Prosecutor Authority) of the corresponding federal entity, will be able to authorize the intervention of any private communication. The competent authority, in written, will have to find and motivate the legal causes of the request, and also the kind, the subjects, and the duration of the intervention. The federal judicial authority will not be able to grant these authorizations in issues of electoral, fiscal, mercantile, civil, labour, or administrative character, or in the case of the communications of the person under arrest with his/her defender.
The authorized interceptions will adjust to the requirements and limits anticipated in the law. The results of the interventions that do not fulfil these requirements will lack all value as evidence.
The administrative authority may make home visits only to certify compliance with sanitary and police rules; the presentation of books and papers indispensable to verify compliance with the fiscal laws may be required according to the respective laws and formalities prescribed for their inspection. Correspondence will be free from all inspection, and its violation will be punishable by law.
Currently, two proposals for Constitutional amendment have been proposed. The first, presented before the Senate, adds several paragraphs to article 16 of the Federal Constitution, expressly acknowledging the right to personal data protection as a fundamental right. The proposal passed the Senate during the last legislative session, and was introduced before the House of Representatives; however, the bill is still awaiting approval. The second proposal was introduced in March 2007. The bill modifies article 73 of the Constitution in order to grant to Congress the power to legislate on personal data protection held by private entities.
There are 34 federal laws that deal with privacy issues and personal data protection in Mexico. The most recent enactments are related to finance and banking, consumers' rights, credit information, telecommunications and national security. The Federal Law of Transparency and Access to the Government Public Information (LFTAIPG) standardized the principles under which the diverse organs of the State must process citizens' personal data, including especially the safeguard of the consent and purpose specification principles, and the guarantee of the rights of access and correction. However, the law lacks sufficient protections to provide greater levels of security for the processing of private data; better and suitable law enforcement mechanisms and authorities are needed.
There is not yet a comprehensive data protection law in Mexico. Provisions in the Federal Consumer Protection Law, however, place restrictions on direct marketing and credit reporting agencies. The first Mexican E-Commerce law took effect on May 29, 2000. The decree amended the Civil Code, the Commercial Code, the Federal Code of Civil Procedure, and the Federal Consumer Protection Law (FCPL), the Rules of Civil Procedure and the Consumer Protection Act. It covers consumer protection, privacy, digital signatures and electronic documents. The decree includes an article in the Federal Consumer Protection Law giving authority to the government "to provide for the effective protection of the consumer in electronic transactions or concluded by any other means, and the adequate use of the data he provides " (Article 1.VIII); and to coordinate the use of the Code of Ethics by providers, including the principles of this law. The decree also created a new chapter in the FCPL entitled: "Rights of Consumers in electronic transactions carried out through electronic or optical means or through any other technology."
Every professional is strictly obliged to keep the secrets of matters entrusted by his/her clients, except for the compulsory information set forth in other laws (Article 36 of the Regulation of Article 5 of the Federal Constitution pertaining to the Exercise of Professions in the Federal District (Ley Reglamentaria del Artículo 5 Constitucional)).
The Federal Consumer Protection Law (Ley Federal de Protección al Consumidor or FLCP) aims at protecting consumers who carry out transactions through the use of conventional, electronic, optic means, or any other technology (Section VIII, Article 1). The customer should always know the kind of personal data that the commercial providers have collected from him. This right includes free access to that data and the right to correct it, including the right to know who are the third party companies that know the customer's personal data (Article 16). Commercial messages or advertising sent to consumers should indicate the business's contact information and the name of the Procuraduría Federal del Consumidor (Consumers Protection Agency, or PROFECO) (Article 17). The consumer is entitled to directly opt out from any business's direct marketing scheme. PROFECO may develop, where applicable, a consumers' public registry listing all persons who opted out (Article 18). Businesses are prohibited from using consumers' personal information for marketing or advertising purposes if their names are on the PROFECO's opt-out list or if consumers have directly requested opt-out from them (Article 18bis). Businesses must protect the confidentiality of information that consumers provided to them. They shall not disclose it or transmit it to third parties except with the consumer's express written authorization (opt-in) or by petition of a judicial authority (Section I, Article 76bis). Authorities and tribunals are prohibited from obtaining information on merchants' private accounting systems (Article 42 of the Code of Commerce (Código de Comercio)).
People are entitled to have their data rectified when incomplete, inaccurate or obsolete, and have the right to complain before administrative and judicial authorities when the principle of confidentiality has been breached. The information and data disclosed by individuals for statistical purposes, or coming from civil or administrative registries, shall not be communicated in any nominative form. It shall not be used as evidence before any administrative or fiscal authority.
The General Population Act regulates the National Registry of Population and Personal Identification. The purpose of the Registry is to register all persons making up the country's population using data enabling their identity to be certified reliably. The aim is ultimately to issue the citizen's identity card, which will be the official document of identification, fully endorsing the data contained in it concerning the holder. When a person is incorporated in the National Registry of Population, an identification keyword is assigned to the citizen. This keyword is used to register and identify Mexicans on an individual basis. That identification has the particularity of conferring a unique code for each citizen with which one can have direct access to multiple personal data. A unique code increases the risk of file interconnection.
All documents and information provided by citizens to the Federal Electoral Registry shall be held strictly confidential and shall not be communicated or disclosed, except when the Federal Electoral Institute is a party in legal trials, remedies or proceedings and acts to comply with its legal obligations or upon the petition of a competent judge.
There have been six data and privacy bills presented by different Deputies and Senators of the Mexican Congress (Honorable Congreso de la Unión) since February 2001. The proposals are all modeled loosely on international data protection standards such as those found in the European Union Data Protection Directive, the Spanish Data Protection Law, the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data and the APEC Privacy Framework. The proposals include general data protection principles, the rights of data subjects, the obligations of data controllers and data users, and the supervisory authority. International transfer of personal information is prohibited to countries without adequate level of protection.
However, as of June 2007, no agreement has been reached on any of the initiatives among stakeholders and the different parliamentary groups of the Mexican Congress, and the outcome of such initiatives remains to be seen during the works of the Legislature of the Mexican Congress.
In April 2007, Commissioners of the Federal Institute of Access to Public Information unanimously approved the creation of a working group to develop a data protection bill. The Mexican Congress has organized workshops on data protection since 2003 with the participation of different stakeholders including government agencies, banking and financial groups, telecommunications and commercial chambers and academic groups with the purpose of discussing the impact of the proposed data protection bills.
On November 2-4, 2005, the Fourth Ibero-American Personal Data Protection Meeting (IV Encuentro Iberoamericano de Protección de Datos Personales) was held in Mexico City. As a result of this meeting, the participants issued a document entitled: “The Mexico Statement” (La Declaración de Mexico). It provides a list of nine conclusions: (i) the protection of personal data as a fundamental right; (ii) information technology demands; (iii) regulatory developments and globalization; (iv) the protection and security of medical data; (v) the Ibero-American Data Protection Network; (vi) fostering the development of a legislative framework on data protection in Mexico; (vii) the XXVIII Conference of Data Protection; (viii) cooperation between the Mexican DPA (Instituto Federal de Acceso a la Información Pública), the Spanish and the Argentinean DPA; and (ix) the creation of data protection working groups.
There is a National Authority of Personal Data only for the Federal Public Administration (President, Attorney General, Ministries and State-owned enterprises): the Federal Institute of Access to Public Information (IFAI, or Instituto Federal de Acceso a la Información Pública). Besides IFAI, there are multiple organs for the protection of data, belonging to different branches of the State, related to the right of access to public information. As it is now conceived, IFAI has no authority when the personal data is in the hands of private people or entities, even those destined to provide information.
Currently there are several separate governmental agencies dealing with personal financial data: the Ministry of Finance (SHCP), the Central Bank (BANXICO), the National Banking and Stock Exchange Commission (Comisión Nacional Bancaria y de Valores, or CNBV), the Financial Service Users Agency (CONDUSEF), the Consumers Agency (PROFECO), and the vast amount of public information offices (Unidades de Enlace) established after the enactment of the Transparency and Public Information Law (LFTAIPG). There are many other offices as well.
IFAI has issued a data protection guideline, as well as security recommendations for the protection of personal data held in databases of the Federal Executive Branch. The aim is for public agencies to comply with internationally data protection standards.
The 1939 General Means of Communication Law (Ley de Vías Generales de Comunicación), provides penalties for interrupting communications and divulging secrets. Article 383 of this law provides that employees and civil servants devoted to the service of electric communications are obliged to keep absolutely secret the content of the messages whose transmission or reception has been under their supervision, or of those messages that they know by virtue of their job; as well as not to disclose any information pertaining to such messages other than the signatories, recipients or a competent authority.
The information transmitted through networks and telecommunication services shall be kept confidential except for the information that by its own nature is considered public or where there is an order from a competent authority (Article 49 of the Federal Telecommunications Law (Ley Federal de Telecomunicaciones)). It is strictly prohibited to intercept, disclose or make use of messages, news or information that are not for the public domain and are received through radio communication devices (Article 66 of the Federal Law of Radio and Television (Ley Federal de Radio y Televisión)).
In 1981, the Penal Code was amended to include the interception of telephone calls by third parties. There are penalties for disclosing by any means, including personal mail, any secret or confidential communication known or received by virtue of employment, occupation or position, and the sanction may vary depending on whether the person renders professional or technical services, whether the person is a functionary or public official, or whether the secret disclosed or published may be of industrial character. There are sanctions that range from six to 12 years of imprisonment and fines of 300 to 600 days of salary for those who reveal, disclose, or unduly use to the detriment of others, information or images obtained during the interception of a private communication (Articles 210, 211 and 211bis of the Federal Criminal Code (Código Penal Federal)).
The Federal Law Against Organized Crime (Ley Federal contra la Delincuencia Organizada) passed on November 7, 1996, allows for electronic surveillance with a judicial order and details the conditions in which a judicial authority might authorize the interception of private communications (Articles 16-28). Authorities, officials and persons involved in the interception of private communications shall strictly keep the confidentiality of their content. Also, the law provides fines and imprisonment sanctions to public officials and employees that reveal, disclose or improperly use against the prejudice of another person information or images obtained in the course of an interception of private communications whether authorized or not. The law prohibits electronic surveillance in cases of electoral, civil, commercial, labor, or administrative matters and expands protection against unauthorized surveillance to cover all private means of communications, not merely telephone calls. The Federal Law against Organized Crime has been widely criticized by Mexican human rights organizations as violating Article 16 of the Constitution.
According to the US State Department, although the law protects against unauthorized interceptions, searches and seizures, authorities occasionally disregarded legal prohibitions. The Mexican National Commission of Human Rights received 206 complaints of illegal searches from January to October 2006.
The Law of Protection and Defense of the User of Financial Services (LPDUSF) provides the legal framework for the protection and defense of the rights and interests of users of financial services rendered by private and public institutions duly authorized, as well as those rendered by the social sector. This law also regulates the organization, procedures and functioning of the National Commission for the Protection and Defense of Users of Financial Services (CONDUSEF), which is in charge of promoting, advising, protecting, and defending the rights and interests of users before financial institutions; judging their conflicts on an impartial basis, and promoting legal equity in the relations between them.
The LPDUSF protects the disclosure of the banking, fiduciary and securities secrets by mandating the CONDUSEF maintain strict reserve on the information and documents that the CONDUSEF may know as part of its duties and that is related to deposits, services or any other kind of transactions carried out by financial institutions. CONDUSEF shall be legally entitled to provide information only in case such information or documents is requested by a judicial authority, and by virtue of a sentence duly resolved in trial.
Public functionaries of the National Commission are personally liable for breaching the duty of confidentiality or secrecy provided in Article 13 of the LPDUSF, obliging them to repair any damage and loss caused as a result of disclosing banking, fiduciary or securities secrets (Articles 14-15). There are other laws protecting the disclosure of the banking, fiduciary and securities secret. A public official involved in matters related to the application and interpretation of taxes must keep all declarations and data provided by tax contributors or third parties confidential (Article 17-D, 17-J and 69, Fiscal Code of the Federation (Código Fiscal de la Federación)).
The United States-Mexican border has been an area of increased surveillance. Mexican authorities now routinely perform "security sweeps" of homes in areas bordering the United States. On the United States side, biometric facial recognition systems have been implemented by the Immigration and Naturalization Service at the Mesa de Otay border crossing (San Diego-Tijuana) for frequent United States commuters to Mexican maquiladora factories. The biometric data is stored with driver's license numbers, vehicle registration numbers and passport status information in an INS database. When a commuter in the program approaches the United States border, a transponder under his vehicle sends a signal to the checkpoint booth, activating the database and displaying the driver's image. Other commuters use a voice-activated device in addition to the facial scan.
In February 2007, the Mexican Advertising Internet Association (AMIPCI) released its trustmark, “Sello de Confianza AMIPCI.” The trustmark seeks to enhance security on e-commerce transactions and represents an acknowledgement that institutions and businesses adhering to AMIPCI’s trustmark: (i) are legally established and located in Mexico, (ii) their websites are trustworthy and ethical responsible; and (iii) comply with privacy and information policies based on international privacy guidelines. The Sello de Confianza AMIPCI promotes the compliance of AMIPCI’s ethical code, articles 16, 17, 18 bis and 76 bis of the FCPL and the APEC Privacy Framework. The Consumer Protection Agency (PROFECO) and the Ministry of Economy (Secretaría de Economía) were involved in the drafting and fully endorse that trustmark.
There are currently no public interest organizations specializing exclusively in advocacy and legal protection of privacy rights. There are, on the other hand, various associations and centers dedicated to the study, publication and promotion of transparency, right to know and access to public information.
The Federal Law of Transparency and Access to Public Government Information (Ley Federal de Transparencia y Acceso a la Información Pública Gubernamental, or FLTAIPG), in force since June 12, 2003, guarantees access to all interested individuals to the information in possession of the three branches (legislative, executive and judicial) of the Federal Union of Mexico; the constitutional autonomous entities (such as the Comisión Nacional de Derechos Humanos (National Commission for Human Rights), the Banco de México, and the Instituto Federal Electoral); or the entities with legal autonomy (such as IFAI or the Auditoría Superior de la Federación); as well as any other federal entity. This law is compulsory for all federal public officials.
The FLTAIPG established a new government entity the Federal Institute of Access to Public Information (IFAI, or Instituto Federal de Acceso a la Información) to supervise the implementation of the law and promote the right to access information. It also adjudicates on the petitions regarding access to information and the protection of personal data in the possession of government entities and agencies. IFAI is also responsible for ensuring compliance with the privacy and data protection provisions of the FLTAIPG.
The main contribution of the LFTAIPG has been to standardize the principles under which the diverse organs of the State shall manage citizen's personal data. The law also safeguards the principles of notice, consent, and purpose specification, and guarantees the rights of access and correction. However, the law lacks sufficient guarantees to protect the security of data processing activities, and lacks adequate enforcement mechanisms. After the LFTAIPG was enacted, new related laws were enacted as well, for all the branches of Government.
There are administrative and judicial instances to enforce the law regarding access to government public information and personal data. In order to guarantee the minimum rights written down in the law, there are procedures to access and correct personal data, as well as to appeal for review, in both cases before an administrative instance. The data subject can use the Juicio de Amparo a safe, fast and effective procedure for persons to safeguard their constitutional individual, or an ordinary civil procedure before a court. If the Federal Personal Data Protection Law is enacted, it will introduce a procedural action, known in other countries as habeas data, from which shall derive administrative actions, and new procedures within the judicial system (Juzgados de Distrito), as well as new associated criminal provisions.
State Data Protection
On June 14, 2003, the Constitutional Congress of the State of Colima enacted a Personal Data Protection Law. The purpose of the law is to protect and guarantee the protection of personal data as a fundamental human right. Colima is the first state that has enacted a privacy and data protection legislation in the Mexican Republic. Colima's Data Protection Law has been in full effect since June 15, 2003, but its provisions have not yet been interpreted by Colima's local courts or by the Supreme Court.
The state of Jalisco introduced reforms to the state Civil Code in 2005 in order to regulate the protection of personal data, including data contained in electronic registries of private entities. Chapter III of the Civil Code of the State of Jalisco entitled “On Private Information” contains 39 provisions, which specifically regulate the protection of personal information of citizens residing in that State.
The provisions of this Code contain definitions on private information, personal data, electronic data; data subject rights, data purpose; personal data registry; data collection obligations; the prohibition to collect, process and transfer sensitive personal data; obligations on the collection of patient medical data; obligations on security safeguards of personal data; the confidentiality of professional secrets; obligations to inform about the destination and transfer of personal information; consent to the transfer of personal information; the right to request access to personal data contained in private registries and archives; terms and conditions to modify, correct, update or cancel personal data; data preservation obligations; financial and credit data obligations; and third party data transfer conditions.
Mexico has signed and ratified the Universal Declaration of Human Rights, the International Covenant Civil and Political Rights, and the American Convention on Human Rights. Mexico has signed the United Nations (UN) Guidelines for the Regulation of Computerized Personal Data Files.
Mexico is a member of the Organization for Economic Cooperation and Development (OECD) and the International Telecommunications Union (ITU). Mexico has participated in the Asia-Pacific Economic Cooperation’s (APEC) privacy initiative. Mexico is also participating in the International Implementation of the APEC Privacy Framework and development of Cross-Border Privacy Rules. Mexico chairs the Electronic Commerce Steering Group (ECSG), through the Ministry of Finance, in which the Privacy Subgroup resides.
 Constitución Política de los Estados Unidos Mexicanos [Const.], available at <http://www.diputados.gob.mx/LeyesBiblio/pdf/1.pdf> (in Spanish).
 Proyecto de
Decreto por el cual se adicionan dos párrafos al Artículo 16 de la
Constitución Política de los Estados Unidos Mexicanos [Decree
Project that modify Article 16 of the Political Constitution of the United
Mexican States], available at <http://www.senado.gob.mx/sgsp/gaceta/index2.php?sesion=2006/04/18/1&documento=36>
 Iniciativa que Reforma el Artículo 73 de la Constitución Política de los Estados Unidos Mexicanos, suscrita por diputados del Grupo Parlamentario del PAN [Initiative that reforms Article 73 of the Political Constitution of the United Mexican States, subscribed by the deputies of the PAN Parliamentary Group], July 27, available at <http://gaceta.diputados.gob.mx/>.
 The Federal
legislation is available on the website of the Mexican House of Representatives,
Honorable Congress of the Union at
 Ley Federal de Transparencia y Acceso a la Información Pública [Federal Law of Transparency and Access to the Government Public Information], June 11, 2002, available at <http://www.ifai.org.mx/transparencia/LFTAIPG.pdf>.
 The new Article 76 now provides: "This article will be applied to the relation between providers and consumers in transactions effectuated by electronics means. The following principles must be observed: (I) Providers shall use information provided by consumers in a confidential manner, and shall not be able to transfer it to third parties, unless there is express consent from the consumer or a requirement from a public authority. (II) Providers must use technical measures to provide security and confidentiality to the information submitted by the consumer, and notify the consumer, before the transaction, of the characteristics of the system. . . . (VI) Providers must respect consumer decisions not to receive commercial solicitations."
 Ley Reglamentaria del Artículo 5 Constitucional, available at <http://www.senado.gob.mx/comisiones/LX/canaldelcongreso/content/marco_especifico/docs/e/8.pdf>.
 Ley Federal
de Protección al Consumidor [Consumer Protection Federal Law], available
at <http://www.diputados.gob.mx/LeyesBiblio/pdf/113.pdf> (in
 Código de Comercio, available at <http://www.diputados.gob.mx/LeyesBiblio/index.htm> (in Spanish).
 Ley de
Información Estadística y Geográfica [Geographic and
Statistics Information Law] at Art. 37
 Id. at Art. 38.
 Ley General
de Población [General Population Law]
<http://www.diputados.gob.mx/LeyesBiblio/pdf/140.pdf> (in Spanish).
 See United Nations Commission on Human Rights, "Question of the follow-up to the guidelines for the regulation of computerized personal data files: report of the Secretary-General prepared pursuant to Commission decision 1995/114," available at <http://www.hri.ca/fortherecord1997/documentation/commission/e-cn4-1997-67.htm>.
 The keyword is called "Unique Key-Word of the Population Registry" (Clave Única del Registro de Población, or CURP).
 Portugal and Argentina, which suffered military dictatorial regimes, prohibited such personal identification numbers unless the number was to be associated by itself with particular individuals. France also prohibits the interconnection of files.
 Código Federal de Instituciones y Procedimientos Electorales [Federal Code of Institutions and Electoral Proceedings] <http://www.diputados.gob.mx/LeyesBiblio/pdf/5.pdf>.
 One bill issued by Representative Luis Miguel Barbosa Huerta (PRD); another by Senator Antonio García Torres (PRI), and the latest amended version of Senator García Torres's bill. See <http://gaceta.diputados.gob.mx/> and see <http://www.senado.gob.mx/sgsp/gaceta/60/1/2006-10-24-1/assets/documentos/pendientes_dictamen.pdf>. See also The Initiative for a Federal Data Protection Law presented by Deputy Jesús Martínez Álvarez from Convergencia Party, on December 1st, 2005; the initiative for a Federal Data Protection Law, presented by Deputy David Hernández from PRI, on February 23, 2006, and the initiative for a Federal Data Protection Law, presented by Deputy Sheyla Fabiola Aragón Cortés, from PAN, on March 22, 2006. See <http://gaceta.diputados.gob.mx/> (in Spanish).
 ACT of April 25, 2007, available at <http://www.ifai.org.mx/textos/acuerdos/acta250407.pdf> (in Spanish).
 This meeting was convoked by Red Iberoamericana de Protección de Datos and organized by the Agencia Española de Protección de Datos (AEPD), Dirección Nacional de Protección de Datos del Ministerio de Justicia y Derechos Humanos de la República Argentina (DNPD), Instituto Federal de Acceso a la Información Pública (IFAI), the LV Legislatura del Estado de México and the Instituto de Transparencia y Acceso a la Información Pública del Estado de México. The presentation documents and memorials of this meeting are available at <http://www.ifai.org.mx/eventos/2005/enc_Ibero/programa.htm> (in Spanish).
 The Mexico Statement (La Declaración de México, Huixquilucan, November 4, 2005) is available at
<https://www.agpd.es/index.php?idSeccion=518> (in Spanish).
 Pursuant to Ley Orgánica de la Administración Pública Federal, Article 26, there are 18 Secretarias (Ministries) and one Consejeria Juridica in the Central Public Administration. There are also the Administracion Publica Paraestatal (decentralized organs, corporations with public investment, national banks, national credit organizations, national insurance and guarantees organizations, trusts). See also <http://www.ifai.org.mx/lisdap//listado.pdf>.
 Data Protection Guidelines for the Federal Executive Branch, available at <http://www.ifai.org.mx/transparencia/lineamientos_protdaper.pdf> and <http://www.ifai.org.mx/datos_personales/seguridad/Recomendaciones_SDP.pdf> (in Spanish).
 Ley de Vías Generales de Comunicación, December 30, 1939, at Articles 571, 576, 578, available at <http://www.diputados.gob.mx/LeyesBiblio/pdf/73.pdf> (in Spanish).
 Ley Federal
de Telecomunicaciones [Federal Law of Telecommunications], June 5, 1995,
available at <http://www.diputados.gob.mx/LeyesBiblio/pdf/118.pdf> (in
 Ley Federal de Radio y Televisión [Federal Law of Radio and Televisión], available at <http://www.senado.gob.mx/comisiones/LX/canaldelcongreso/content/marco_especifico/docs/e/8.pdf> (in Spanish).
 Código Penal Federal [Federal Criminal Code] <http://www.diputados.gob.mx/LeyesBiblio/pdf/9.pdf> (in Spanish).
 Ley Federal
contra la Delincuencia Organizada [Federal Law Against Organized Crime],
 ("Exigen siete ONG la renuncia del titular de Seguridad Publica," La Jornada, October 7, 1997.). They noted that the ruling party Partido Revolucionario Institucional (PRI) "to keep the opposition in check" had historically used telephone espionage ("Con la reforma anticrimen, el espionaje entraría a la Constitución," La Jornada, April 28, 1996). There are numerous reports of illegal wiretapping. In September 2001, 13 people were arrested on suspicion of involvement in the illegal wiretapping of state government employees and former employees. The wiretapping was allegedly run out of the state governor's office, which has denied any involvement (United States Department of State, Country Report on Human Rights Practices 2001, March 2002, available at <http://www.state.gov/g/drl/rls/hrrpt/2001/>). In December 2000, President Vicente Fox formed a committee to review the practices of CISEN, the Government civilian intelligence agency, following allegations of illegal phone tapping. In March 1998, a large cache of government electronic eavesdropping equipment that had been used since 1991 to spy on members of opposition political parties, human rights groups and journalists was discovered in Campeche ("Spy Network Stuns Mexicans, Raid Opens Door to Exposure of Government Snooping," The Washington Post, April 13, 1998). Thousands of pages of transcripts of telephone conversations were uncovered along with receipts for USD 1.2 million in Israeli surveillance equipment. More than a dozen other cases of government espionage in four other states were exposed, ranging from hidden microphones and cameras found in government offices in Mexico City to tapes of a state governor's telephone calls. Every government agency identified with the electronic surveillance operations – the federal attorney general and interior ministry, the military, the national security agency and a plethora of state institutions – denied knowing anything about them ("Anger as Big Brother Spy Tactics Exposed," The Guardian (London), April 14, 1998). Since he was elected, President Fox promised to eliminate the security police division that is responsible for much of the illegal government wiretapping in Mexico.
 US State Department Human Rights Report 2006 – Mexico, available at <http://www.state.gov/g/drl/rls/hrrpt/2006/78898.htm>.
 Ley de Protección y Defensa al Usuario de Servicios Financieros [Law of Protection and Defense of the User of Financial Services] <http://www.diputados.gob.mx/LeyesBiblio/pdf/64.pdf
 Id. at Art.13.
 Ley de Instituciones de Crédito [The Credit Institutions Law], Articles 117, 117 bis and 118; Ley del Mercado de Valores [Securities Market Law], Article 25; Ley de Ahorro y Crédito Popular [Saving and Popular Credit Law], Article 34; Investment Partnerships Law (Ley de Sociedades de Inversión) Article 55; and the Ley para Regular las Sociedades de Información Crediticia [Law to Regulate Credit Information Partnerships] (Section I Articles 18, 28, 37, 38, 39 and 52).
 Código Fiscal de la Federación [Fiscal Code of the Federation], available at <http://www.diputados.gob.mx/LeyesBiblio/pdf/8.pdf>
 "En marcha,
amplia operación anticrimen en la frontera con Estados Unidos," La
Jornada, November 5, 1996.
 Now called the Department of Homeland Security's Bureau of Customs and Border Protection.
 "Human Bar Codes," The San Diego Union-Tribune, May 13, 1998.
Asociación Mexicana de la Industria de la Publicidad Comercial en
Internet, Sello de Confianza AMIPCI is available at <http://www.sellosdeconfianza.org.mx/>.
 Freedom of Information Mexico (LIMAC) (Libertad de Información México); Foundation Information and Democracy - FIDAC (Fundación Información y Democracia); Proyecto Atlatl; the Universidad Nacional Autónoma de México (UNAM) in the Law Research Institute, (Instituto de Investigaciones Jurídicas ) and Law School (Facultad de Derecho) of the Universidad Nacional Autónoma de México (UNAM), the Center for Research and Economic Teaching - CIDE (Centro de Investigación y Docencia Económica ), and the Programa Iberoamericano de Derecho de la Información, Universidad Iberoamericana (UIA). For a survey of the NGO's process, See Talli Nauman, Mexico's Right-to- Know movement Citizen's Action in the Americas No. 4, February 2003 <http://www.americaspolicy.org/citizen-action/series/04-rtk.html>. For a listing of some of the NGOs See <http://www.americaspolicy.org/citizen- action/series/04-rtk_body.html#Mexican>.
 This law also provides a definition of personal data, information, reserved information and personal data system (Article 3); a full chapter on reserved and confidential information (Article 13 -20); a full chapter on protection of personal data (Articles 20-26); a chapter on IFAI (Articles 33-39); access to information requests and the internal procedure of the linking administrative units (unidades de enlace) (Articles 40-48); the legal procedure and remedies before IFAI (Articles 49-60); access to information to other compelled bodies and organizations (Articles 61-62), and a full chapter on liability and sanctions (Articles 63-64).
 Those regulations were, at the level of the executive branch, the regulation for the application of the LFTAIPG; IFAI's internal bylaws (IFAI's internal regulatory statute); IFAI's Guidelines for information request; IFAI's Recommendations for the identification of reserved and confidential information in the public administration; the Form to request personal information and for demanding personal data correction and modification; the Guidelines for information classification. At the level of the judicial branch, the Agreement for accountability and public information; the Guidelines for the conservation and classification of information of the Supreme Court of Justice; the Guidelines for the conservation and classification of information of the Federal Judicial Counsel; the Guidelines for the conservation and classification of information of the Electoral Court and Administrative Tribunals: the Agreement for accountability (transparency) and public information of the Federal Court of Tax and Administrative Justice; the Regulation for the Transparency and Information Access of the Federal Court of Labour Arbitration; the Regulation for the Transparency and Information Access of the Agrarian Courts. At the level of the legislative branch, the Regulation for the Accountability (Transparency) and Public Information Access of the Representatives Chamber; the Parliamentary Agreement for the Accountability (Transparency) and Access to Governmental Public Information in the Chamber of the Senate. At the level of the Constitutional Autonomous Organs:, the Regulation for the Accountability (Transparency) and Public Information Access of the Federal Electoral Institute; the criteria of the Banco de Mexico to classify reserved and confidential information; the Regulation for the Accountability (Transparency) and Public Information Access of the Human Rights National Commission. See <http://profesor.uia.mx/aveleyra/comunica/privacidad/correlacion-leyes.htm>.
 Decree No. 356 <http://www.congresocol.gob.mx/leyes/ley-proteccion-datos-pers.htm>.
 Civil Code of the State of Jalisco, from Article 40 Bis 1 to Article 40 Bis 39, available at <http://info4.juridicas.unam.mx/adprojus/leg/15/335/default.htm?s=> (in Spanish).
Convention on Human Rights, Art. 11, July 18, 1978, available at
 Assembly General Resolution 44/132, UN Document A/44/49 (1989). The General Assembly of the Organization of the United Nations adopted on December 14, 1990 the Resolution 45/95 that deals with the limits for the regulation of the computer files of personal data (Document E/CN.4/1990/72). United Nations Guidelines and Principles can be consulted in in English at <http://220.127.116.11/html/menu3/b/71.htm>. See <http://www.unhchr.ch/html/menu3/b/71.htm>.