By Eliane Portillo

According to KPMG in Mexico only 35% of companies are taking courses or had implemented measures to protect the databases of personal information in their possession. The rest is a red light and endangers the business continuity.

Over a year after the entry into force of federal Law to Protect Personal Data Held by Individuals (LFPDPPP), only 3 out of 10 companies have enforcement measures, leaving people vulnerable to identity theft. SafeNet, a data protection company, said that entrepreneurs who have not implemented measures to enforce the law could be punished with fines ranging from $6,000 to $38 million pesos, representing a risk to the permanence of their businesses.

Article 19th of the Act states that companies are responsible for safeguarding personal data and must maintain 'measures of administrative, technical and physical security that can protect personal data against damage, loss, alteration, destruction or use, or unauthorized access'.

The authority set as deadline January 5th, 2012 for all those individuals or companies that have a procedure to comply with the LFPDPPP.

In addition to economic damage, any penalties or lawsuits for companies that are subject to data theft there are intangible damages as affecting their reputation, losing contracts and distrust among their customers.

A study made by Kroll revealed that more than half the companies in the world that are considered moderately vulnerable to data theft, which represents an increase of 38% over 2010.

According to the Global Annual Report on Fraud, the category of data sought by offenders varies by industry, with the telecommunications, technology, media and financial as the most wanted.

Also, risk consultancy said that 60% of fraud was committed by internal employees of the company, so it is necessary to maintain strict control over who use data banks and how they are managing them.