Family-Owned Company

Family-Owned Company

A family-owned company is born from the dreams of one person. Have you thought about how to continue with that dream for generations to come? One of the main obligations to achieve the continuance of the family-owned company is the union and commitment of all the members of the family to work as a team, under shared rules and values, to achieve relevant and long-lasting results. 90% of the companies in Mexico are family-owned. Family-owned companies prefer family members on key positions on the company; 56% of the companies hired up to four family members, and 26% of the companies recruit between six and ten family members. Only three of every ten family-owned companies continue to the second generation. The majority of the family-owned companies that do not survive the transition process to the next generation had a lack of professional management and corporate structure (Source UDEM).

It is very important to take into account the following topics to achieve the continuance of a family-owned company:

  • Effective communication, and clear rules and policies within the family, are indispensable to solve conflicts and to reach agreements.
  • Have a structure to lead the family and the company in the fulfillment, control, and follow up of the agreements.
  • Accomplish common ideas and values among the members of the family.
  • Established strategic rules and institutional bodies to deal with family matters, property issues, and company-related topics, make the family-owned company more effective in the transition to the next generation.

The landscape could not be better. Family entrepreneurship has a bond of passion and love that arouses the desire of the next generation to continue with the family legacy. Family entrepreneurship promotes the country’s development, moreover, in a society where the culture is the lack of effort.

In Mexico, 83% of companies are family-owned. In its vast majority, are small or medium companies, companies that create 67% of the jobs in the country. Therefore, their importance on the country’s economy.  Notwithstanding, the foregoing there is a lack of studies about the difficulties and challenges faced by the family-owned companies, their administrative structure, or its governance.

The transition is an extremely important element in the evolution of a family-owned company, and it can be the most relevant.

Have you established within your company, how do you want the dream to be continued?

Oscar Brieño Garza

Gloria Ponce de León & Hernández

Digital Disconnection

Digital Disconnection

Digital disconnection is the right of working people not to answer phone calls or be disconnected from the internet outside of their working day, vacations, days off, mandatory rest and disability. Different groups of mexican legislators have presented initiatives regarding teleworking to the Congress of the Union as a way to give certainty to the modality of the home office.

According to the World OCC, the home office has been valued by workers, however, it has meant a greater workload for them who claim that their working day has been extended, working between 9 and 12 hours a day.

Regulation of teleworking has been accelerated by the pandemic and although some countries have made progress in legislating this modality, Latin America has not made significant progress in promoting a work-life balance for those who work from home.

Spain is one of the countries that has promoted the right to digital disconnection, as established in Article 88 of the Law on Data Protection and Guarantee of Digital Rights:

            Workers and public employees shall have the right to digital disconnection in order to guarantee, outside the legally or conventionally established working time, the

respect for your time of rest, leave and vacation, as well as your privacy

personal and family.

France and Spain are two of the first countries to have legislation in this respect, which serves as a guide for different Latin American countries such as Argentina, which are looking for a solid response to the new normality.

After the recognition of the health crisis generated by the Covid-19 and the increase in digital “consumption”, it is necessary to adopt measures to guarantee digital disconnection, with the right not to receive calls, whatsapp, e-mails or videoconferences outside the agreed hours. These training and awareness actions on a reasonable use of the technological tools will avoid the risk of computer fatigue and excess information.

Génesis Moyeda Salazar

Gloria Ponce de León & Hernández

New Normal: Remote Litigation

New Normal: Remote Litigation

Since it appeared SARS -COVID 19 pandemic, everyone in the work area that we are carrying out has made changes in our daily habits, that is why in the Legal area and the Courts of Justice, they have implemented various technological advances, so that the claims or controversies can be developed according to the new guidelines where various Courts of Justice have developed programs or virtual sites to be able to present the briefs, claims, and review files.

The hearings of the different courts, whether in commercial, civil, labor, etc., can be carried out remotely through programs or software (meet Google, zoom) where the evidence and other procedures that in Normally, the parties should be present, but in these cases they will do so remotely, such as the actor, defendant, judge or witnesses.

Digital media will be the new future in justice, as now that we already have online activities and that society is constantly using them. Then, activities with the essential sanitary measures must be resumed in order to continue serving society. Now, the trials by Zoom or by videoconference could help not only to contain the virus, but also to make the administration of justice more agile, but it also entails an enormous expense for the Courts, which must be adapted so that the principle of procedural equality.

Due to the aforementioned, the task of the public servants attached to the Courts, the governed, is to support the efforts to ensure that everyone has access to prompt and expeditious justice, the administration of justice is respected as an essential activity .

Arturo de la Peña

Gloria Ponce de León & Hernández

Transparency practices for Civil Society Organizations on Corporate Issues

Transparency practices for Civil Society Organizations on Corporate Issues

In order to begin, it is necessary to understand what is understood as personal data:

Personal data: information concerning an identified or identifiable person (natural). A person is considered identifiable when their identity can be determined directly or indirectly through any information. (Age, address, telephone number, personal email, academic, work or professional history, assets, social security number, CURP, among others.)

Sensitive personal data: personal data that affect the most intimate sphere of its owner, or whose misuse may give rise to discrimination or entail a serious risk for it. (Racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, sexual preference.)

When we talk about transparency, there are two important figures, the responsible and the commissioned.

The responsible is the natural or legal person who decides on the processing of personal data. Consequently, it collects, stores, uses, transmits, transfers and deletes personal data of people with whom it has or has had some type of relationship, whatever its nature.

The commissioned, then, is the natural or legal person who alone or jointly with other third parties, brings personal data on behalf of the responsible.

However, the protection of personal data for civil society organizations is of the utmost importance since every day information is received from people in the exercise of their activities which is one of the greatest assets of these societies, but at the same time this makes them responsible for the treatment of all this data that is received.

The authority in charge of supervising compliance with the protection of personal data in Mexico is the National Institute of Transparency, Access to Information and Protection of Personal Data (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales [INAI]).

The applicable regulation is its Federal Law (Ley Federal de Protección de Daos Personales en Posesión de los Particulares LFPDPPP) and its internal regulation.

Civil society organizations must keep the personal data provided to them under the necessary security conditions to prevent their adulteration, loss, consultation, use or unauthorized or fraudulent access, as well as respect for the rights of the holders of the data.

It is necessary to establish confidentiality and personal data protection clauses in all contracts with clients and with third parties in general. Likewise, it should always be taken into consideration that the information that is being collected is really necessary, adequate and relevant information for the purposes for which it is being obtained.

Additionally, it is necessary to establish personal data protection policies whose purpose is to:

  • Ensure compliance with the rules.
  • That they are applicable to all employees and their compliance is mandatory.
  • Legal consequences and sanctions are established in case of violation.
  • Explain how the personal data obtained is treated and protected.
  • Establish procedures and guidelines for the rights of access, rectification, cancellation and opposition of personal data.
  • Establish an area in charge of dealing with related requests.

The Privacy Notice is a physical, electronic document or in any other format, through which the responsible informs the owner about the existence and main characteristics of the treatment to which their personal data will be submitted. The purpose of the privacy notice is to establish and define the scope, terms and conditions of the processing of personal data, so that the owner can make informed decisions regarding their personal data and maintain control and disposition of the information that is provided to them.

Any person who is considered responsible for processing personal data, regardless of the activity carried out or whether it is a natural or legal person, needs to prepare and make their privacy notice available.

In accordance with the foregoing, the privacy notice must be made available at the following times and consequently request that the third party sign the notice accordingly:

  1. Prior to obtaining personal data: when personal data is obtained directly or personally from the owner.
  2. At the first contact with the owner: when personal data is obtained indirectly and the treatment for which they will be used involves direct or personal contact with the owner.
  3. Prior to the use of personal data: when personal data is obtained indirectly, but the treatment for which it will be used does not require personal or direct contact with the owner.

Different modalities of the Privacy Notice:

Comprehensive privacy notice: All the elements that are described in section III of the ABC of the Privacy Notice: It is used when the data is collected directly and in person from the owner.

Simplified privacy notice: (i) The identity and address of the responsible; (ii) the purposes of the treatment, distinguishing those that originated and are necessary for the legal relationship between the owner and the responsible, from those that are not; (iii) the mechanisms for the holder to express his refusal for secondary or accessory purposes; (iv) the mechanisms for the owner to know the comprehensive privacy notice. It is used when the data is collected directly through electronic means or by telephone from the owner.

Short privacy notice: (i) The identity and address of the responsible; (ii) the purposes of the processing, without it being necessary to distinguish the secondary or accessory purposes; (ii) the mechanisms for the owner to know the comprehensive privacy notice. It is used when the space used to obtain personal data is minimal or limited.

In the event that it is required, we leave a link to a generator of Privacy Notices that the INAI has:

The rights of the holders of personal data are the following (Derechos ARCO):

  • Access: right to obtain information about your personal data in the possession of the responsible, as well as information regarding the conditions and generalities of the treatment.
  • Rectification: they may request, at any time, that the responsible rectify their personal data that turns out to be inaccurate or incomplete.
  • Cancellation: they may request, at any time, the cancellation of personal data when they consider that their treatment is no longer necessary or that they are not being treated in accordance with the principles and duties established by law.
  • Opposition: they may at any time oppose the processing of their personal data or demand that it ceases when:
    • There is a legitimate cause and the specific situation requires it.
    • Manifest opposition so that the treatment for specific purposes is not carried out.

What is considered a data breach?

  • The unauthorized loss or destruction of personal data.
  • The theft, loss or unauthorized copying of personal data.
  • The unauthorized use, access or treatment of personal data.
  • The damage, alteration or unauthorized modification of personal data.

In case of data breach, the responsible is the one who must inform the owners if there is a significant impact on their economic or moral rights, as well as the measures, guidelines and internal actions that will be carried out.

What behaviors could generate administrative or even criminal sanctions?

  • Failure to comply with any request made by an owner of data.
  • Change the purpose of the processing of personal data.
  • Transfer data to third parties without authorization from the owner.
  • Deliberately declare the inexistence of personal data.
  • Act with negligence and / or fraud.
  • Skip the privacy notice and deal with personal data.
  • Failure to comply with confidentiality when processing personal data.
  1. Administrative sanctions:
  2. Warning
  3. Fines of 100 or 200 to 160,000 or 320,000 current minimum wages.
  4. In case of repetitions, it can be sanctioned with additional fines or the sanctions can be increased up to double.
  • Criminal penalties:
  • Imprisonment for 3 months to 3 years for the person who, being authorized to process personal data, for profit, violates the security of the databases in their custody.
  • Prison from 6 months to 5 years to which person, in order to profit, treats personal data through deception, takes advantage of the error of the owner or the person authorized to transmit them.

Actions to avoid sanctions or criminal penalties:

  1. Have a data protection policy.
  2. Train your employees on data protection issues.
  3. Have a privacy notice that complies with the characteristics of the country in which the data is collected.
  4. Conduct internal audits of existing processes and policies to find out the level of compliance in which the company is.
  5. Designate one person or a group of people to be in charge of safeguarding the integrity of the information and verifying its correct handling.

Maria Fernanda Ortega

Gloria Ponce de León & Hernández

Cybercrimes foreseen and sanctioned in the Mexican Legal System

Cybercrimes foreseen and sanctioned in the Mexican Legal System

The Internet is the most used technological tool today and the largest source of information consultation, which has caused a large number of illegal activities to be carried out through this medium, being connected to the Internet, people are exposed to activities by unauthorized third parties without authorization, since most of these electronic devices being connected to the Internet can carry out different activities through them: banking operations, publication of information through social networks, sending emails, among many others.

In Mexico, starting in 1999, a federal criminal law reform related to computer crimes was published in the Official Gazette of the Federation, which included within its legal framework different criminal figures that protect the information contained in computer systems and equipment. However, this arrangement has been overcome due to the growth in the use of information technologies.

Therefore, in Gloria Ponce de León & Hernández we present you the computer crimes sanctioned by law:

Federal Criminal Code

The Federal Criminal Code includes, among others, the crimes of Disclosure of Secrets, Illegal access to computer equipment and systems, and Copyright crimes.

The crime of disclosure of secrets is typified when to the detriment of someone, without fair cause and without consent, any secret, communication, information or images are revealed, disclosed or used, which have been known or received on the occasion of a job, even for being a public official or employee.

While illicit access to computer systems and equipment is classified as conduct that can be considered as computer hacking; They consist of the modification, destruction, provocation to losing information, knowing or copying information that is contained in protected computer systems or equipment.

On the other hand, it is provided that it constitutes a crime against Copyright, the manufacture for profit of a device or system which purpose is to deactivate the electronic protection devices of a computer program; criminal type that can be considered as computer cracking.

Besides, article 426 provides that the manufacture, import, sale or lease of devices or systems that decrypt encrypted satellite signals are constituted as illegal in terms of Copyrights.

Another ordinance in which the protection of legal assets is analyzed, against information technology and its advances, is the Federal Law against Organized Crime, which establishes sanctions that may be applied to those who participate in the intervention of private communications and to those who, with the occasion of their employment, position or public, reveal or misuse the information or images obtained in the course of an intervention of private communications

The National Security Law establishes that the personal data granted to an instance by public servants, as well as those provided to the Mexican State to determine or prevent a threat to National Security, are confidential government information, that is, that the authorities, personnel of National Security bodies and public servants who work in the bodies that make up the National Security Council or the National Security and Research Center, must keep secrecy and confidentiality regarding the information they know or have access to.

In the financial field, article 112 Bis of the Credit Institutions Law is the one who regulates and mentions the following crimes, whoever alters the means of electronic identification and accesses the electromagnetic equipment of the banking system and who obtains or misuses the information on clients or operations of the banking system, the Law provides that public servants of the National Banking and Securities Commission, officials or employees of the credit institution will be sanctioned to alter or modify records with the purpose of hiding facts that may constitute crime.

Criminal Code for the Federal District (CDMX)

The Article 336 of the New Criminal Code of the Federal District, relative to the Production, Printing, Alienation, Distribution, Alteration or Falsification of Bearer Securities, Public Credit Documents or Exchange Vouchers, who access the electromagnetic equipment of the issuing institutions of cards, titles or documents for the payment of goods and services or for the disposition of cash who acquires, uses or possesses electromagnetic or electronic equipment to subtract the information contained in the tape or magnetic strip of cards, titles or documents, for the payment of goods or services or for the disposal of cash, as well as whoever possesses or uses the stolen information, in this way; and whoever misuses confidential or reserved information of the institution or person who is legally empowered.

On the other hand, article 355 of the New Criminal Code, to the electoral official that alters, issues, substitutes, destroys or misuses public electoral documents or computerized official files or those related to the corresponding voter registry.

Criminal Code of the State of Nuevo León

Article 242 Bis of the Penal Code for the State of Nuevo León, relative to the Forgery of Bearer Securities, Public Credit Documents and related to Credit, such as the alteration of credit or debit cards and the information contained therein , check formats or documents used for the payment of goods and services or for the disposal of cash, the alteration of electronic identification means, that the electromagnetic equipment of the issuing institutions is improperly accessed, the imposition of penalties is also foreseen, to who misuses confidential or reserved information of the institutions.

Furthermore, in the Penal Code for the State of Nuevo León, it is equated with theft and is punished as such, in terms of Article 365, the material seizure of documents containing computer data, or the exploitation or use of said data.

Regarding crimes by electronic means, those who improperly access an automated data processing or transmission system are punished; who unduly deletes or modifies data contained or its operation of the system.

Javier Estrada

Gloria Ponce de León & Henández