LawAugust 13, 20266 min

AI and personal-data protection in Mexico: what your firm must watch

Your clients' data does not lose its protection because you run it through an AI model. I go through what the law requires, how public and private tools differ, and leave a checklist for your firm.

AI and personal-data protection in Mexico: what your firm must watch
Fig. 01Law

When a partner asks whether the firm can use an AI tool to review a contract, they are almost never asking about the technology. They are asking whether the firm will end up answering — to a client, or to the regulator — for something that leaked. I want to start there, because it is the part that usually falls out of the conversation: in Mexico, the personal data your firm handles does not lose its legal protection because you run it through a language model.

Personal data held by private parties in Mexico is governed by the Federal Law on the Protection of Personal Data Held by Private Parties. A new version of the law was published in March 2025, replacing the 2010 statute and moving oversight from the now-extinct INAI to the Anti-Corruption and Good Government Secretariat. The name barely changed — the obligations for your firm remain very concrete.

What the law protects, and why your firm is already subject to it

Personal data is any information that identifies or can identify a person: a name, a tax ID, an address, an email, financial data, and where applicable sensitive data such as health or legal-status information. The moment your firm decides what is done with that data, the law treats you as the data controller. It is not an optional role. It carries concrete duties: obtaining consent where required, using the data only for the purposes you disclosed, collecting only the data you actually need (proportionality), keeping it secure, and honoring the person's rights to access, rectify, cancel, and object.

Public versus private AI tools: where the risk lives

This is the point that causes the most confusion. When you paste a client's document into a free, public chatbot, you are not using a calculator that forgets what you typed. On many of those services, by default, what you write may be retained, reviewed, and used to improve the model — on servers outside your control and often outside Mexico. From the law's point of view, that looks a great deal like placing personal data in the hands of a third party you never accounted for, without the consent or the notice that such a transfer would require.

A private or enterprise tool changes the equation. A contract that forbids using your data to train the model, that fixes how long information is retained and when it is deleted, and that defines where it is processed, turns the provider into a processor working under your instructions. At the most careful end, a model running on your own infrastructure means the data never leaves your control. The difference between the two is not the quality of the answers — it is who answers when something goes wrong.

The controller's duties that AI does not erase

It is tempting to think that using a third party's tool also transfers the responsibility. It does not. You remain the controller before your client and before the regulator. The AI provider, when it processes data on your behalf, is a processor, and that relationship belongs in a contract that binds it to the same confidentiality and security you owe. Hiring the tool does not discharge your duties of security, purpose, or consent. It distributes them, and you are still the one who has to show they were met.

The privacy notice when AI enters the workflow

The privacy notice is the written promise your firm makes to a person about what data it collects, for what, and to whom it transfers that data. If you are going to process client data with AI tools, or send it to outside providers, the notice has to reflect that honestly. You cannot quietly add a new purpose after collecting the data for something else. For sensitive data, the consent standard is higher. Reviewing and, if needed, updating the notice before you bring AI into the workflow is not paperwork — it is the part that protects you.

A practical checklist for your firm

  • Classify before you type: decide which documents never enter a public tool (sensitive data, professional secrecy, anything the client asked you to keep confined).
  • Choose the right tier: for work with client data, use only enterprise or private tools with a written no-training commitment and a retention-and-deletion policy.
  • Sign a processor agreement with any provider that handles data on your firm's behalf, with clauses on confidentiality, security, and return or deletion.
  • Review your privacy notice so it covers the purposes and transfers AI implies, and tighten consent where sensitive data is involved.
  • Anonymize where you can: strip names, tax IDs, and identifiers before passing a document, because the model often needs the shape of the problem, not the identity.
  • Keep a trail: document who may use which tool, for which tasks, and with which data, so you can show diligence if anyone asks.
  • Name an internal owner to answer questions and keep the list of approved tools current.

From the rule to the practice

If I have learned anything working alongside firms, it is that the problem is almost never the law. The law can be read in an afternoon. The problem is the daily habit: the person who, in a hurry, pastes the draft of a complaint into the first tab they have open. No policy filed away in a folder fixes that. What fixes it is a team that knows, without stopping to think, which tool belongs to which document and where the line sits that nothing crosses. That is training, not a memo. It is what I work on with firms: turning these principles into reflexes, so your people can use AI without risking the trust that holds your practice together. The technology will change again next year. The judgment to use it carefully is what stays.

ReferencesSources
Manuel Lizardi
Founder, Lizardi Consulting
Keep readingBlog
AI training for firms

Bring this to your firm?

We train your team on their own real work, on-site, with three months of remote reinforcement.