Penalties to protect information

By Luis C. Schmidt, Partner

International Technology Law Review, June 2001

There is no equivalent to the so called US Anti-wiretapping law in Mexico. On May 17 1999 however, the Mexican government published in the Federal Official Gazette a bill passed by congress, amending the Federal Penal Code. It puts in place certain criminal provisions concerning disclosure of confidential information and illegal access to information equipment and systems.
Penalties include imprisonment between one and eight years. The amended provisions include the following issues:
Loss of information without authorization pertaining to particulars – A person is liable if they modify, destroy or trigger a loss of information contained information systems or equipment, protected by a security mechanism, without authorization.
Wrongful misappropriation of information pertaining to particulars – A person is liable if they misappropriate or copy information contained in systems or information equipment, protected by any security mechanism or media.
Loss of information without authorization of systems pertaining to the government –  A person is liable if they modify, destroy or trigger a loss of information contained in information systems or equipment, pertaining to the government and that are protected by a security mechanism.
The sanction increases if the person had authorization to access the information and modifies it unlawfully.
Wrongful misappropriation of information pertaining to the government – A person is liable if they misappropriate or copy information contained in systems or information equipment, protected by any security mechanism or media. Sanctions would increase if the person had authorization to access the information but not to misappropriate or copy it.
Loss of information without authorization of systems pertaining to the financial system – A person is liable if they modify, destroy or trigger a loss of information contained in information systems or equipment, pertaining to the financial system and that are protected by a security mechanism. The sanction increases if the person had authorization to access the information and modifies it unlawfully.
Wrongful misappropriation of information pertaining to the financial system – A person is liable if they misappropriate or copy information contained in systems or information equipment, protected by any security mechanism or media. Sanctions increase if the person had authorization to access the information but not to misappropriate or copy it.
The penalties above are higher if the offenders are personnel of financial institutions.
From the foregoing it can be concluded that anyone including ISPs, may be held liable for criminal misconduct if triggering loss of information in a system pertaining to a private government or financial entity or if it misappropriates or copies that information without proper authorization. There is however nothing indicated in the new provisions of the Federal Penal Code. as to prohibit transmission or sending private information over the internet for any other means.