During her participation in the forum "The protection of personal data on the Internet, social networks and the new normality", within the framework of the International Day for the Protection of Personal Data last February, the commissioner of the National Institute for Transparency, Access to Information and Protection of Personal Data ("INAI"), Josefina Román Vergara, commented that the use of technology increases the risk of suffering security breaches, but that this does not imply that it should stop being used. Rather, urgent actions are required for technology developers to incorporate the objectives of personal data protection into the innovation process.
The Commissioner considers that privacy by design, which means considering the protection of privacy from the very outset of a technological tool's development, should always be considered. It is worth mentioning that the Implementing Regulations of the Federal Data Protection Law state that data controllers must implement mechanisms to ensure due processing of personal data, giving priority to the interests of the data subject and the reasonable expectation of privacy. These mechanisms include training and awareness programs for personnel on the obligations regarding the protection of personal data, including programs oriented to programmers and others who originate new technologies, so that they consider privacy in the creation of new technologies.
In addition, under such Implementing Regulations, data controllers must also implement procedures to address the risks to the protection of personal data arising from the implementation of new products, services, technologies and business models, as well as to mitigate them. Such impact assessments should be made prior to the implementation of the new products, services, technologies and business models, which should help build privacy by design into them.
Therefore, companies in Mexico should consider the incorporation of privacy by design in their internal processes, not only to comply with data protection regulations, but also in response to an increase in data breaches and the need to implement security measures.
"The concern for the protection of personal data should not be analyzed subsequent to the completion of the development of any activity, as if it were an annex, but should be present at all stages of the technology development process; thus, privacy is considered at all stages of the lifecycle of the system, application or device."