Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.
In Mexico, individuals and their legal representatives have the right to request information, access, correction and deletion of their personal information. They also have the right to oppose the data collection, limit the processing of their data when the data is processed for extraneous purposes or, revoke their consent for data processing (Federal Law on the Protection of Personal Data Held by Private Parties, 2010).
Employers must designate a person or department to handle personal data requests. Upon receiving a request from an individual, employers have 20 days to reply and 15 days from the date of reply to complete any requests (when applicable). This timeframe can be extended once for an equal period, as long as there is a justifiable circumstance.
Data processors can deny requests when:
Employers can partially refuse requests where necessary. In the event a request is rejected, the employer must inform the individual of the reason of the refusal.
In the event that an individual requests the deletion of their personal data, the employer should first suspend the data prior to suppressing the information. Once the data has been deleted, notice should be given to the individual. An employer can deny a request to stop processing an employee’s personal information in certain circumstances, including when:
HR Best Practices: When processing an access request from an employee, make sure not to disclose information connected to other individuals. Establish official procedures and contacts for employee requests, complaints and questions.