Mexico: Rejected Amendment to Data Protection Law increasing data breach reporting duties

On 31 August 2021, the amendment to the Federal Law on the Protection of Personal Data Held by Private Parties ("data protection law") was rejected after failing to be passed by Congress before the end of the LXIV legislature. Senator José Alberto Galarza Villaseñor introduced the initiative to increase data security and breach notifications, requiring the reporting of breaches within 72 hours to both the data owner and the National Institute of Transparency, Access to Information and Protection of Personal Data. (INAI) Furthermore, the territorial scope of the data protection law would have been adjusted so every company would have to be able to designate a representative located in Mexico to ensure the fulfilment of the legal obligations.