Legal memo published in The Legal Industry Review.
Nowadays most of our daily activities have been moved to the digital world. The common denominator between them is that they require the use of the internet to carry them out. In this sense, the Internet has become an indispensable intangible asset for humans. Because of this, various countries around the world, including Mexico, have recognized internet access as a human right.
As a result, both the Mexican state and establishments of all kinds (hospitals, airports, libraries, restaurants, hotels, shopping malls, etc.) have installed public Wi-Fi networks so that people can connect to the Internet quickly and for free. However, there is a lack of awareness of the risks that may be associated with being associated with them.
On the one hand, public WiFis must not encrypt the information transmitted through them, so any other person connected to them with some knowledge can access information such as: emails, passwords, bank card information, social network content, among others.
In order to prevent the theft of this information, certain recommendations have been issued to follow in case of connecting to an untrusted or unknown public Wi-Fi; For example: not exchanging private or confidential information, not using mobile or internet banking services and not making online purchases that require bank details. Likewise, most devices currently offer the possibility of connecting to such public networks through a VPN (Virtual Private Network), the purpose of which is precisely to encrypt the connection of users and thus avoid interception of their information.
These measures and recommendations can provide a certain level of protection against attacks by third parties, e.g. B. phishing crimes. However, what happens to the information collected from facilities over public Wi-Fi networks? Most users are unaware of what personal information they are sharing, with whom, and for what purpose when using a public network. The main cause of this problem is the failure of institutions to provide such information.
Speaking of the private sector, according to the provisions of the Federal Law on the Protection of Personal Data Held by Natural Persons, both entities and Internet service providers would be obliged to inform users about the personal data they collect, their processing, the transfer of this personal data to third parties, these being minimum requirements .
However, the reality is that a large number of entities fail to meet this obligation by not providing users with a privacy statement to inform them about the processing of their personal data. In this way, they should inform about the use of the data that users provide to the establishment directly to access the Internet service, as well as those collected automatically by the establishment and at the same time when users surf through a public Wi-Fi .
The above demonstrates the need to continue promoting a culture of personal data protection so that users can know and assert their privacy and data protection rights. Finally, the respect of these rights by companies and public and private bodies and, above all, the role of control bodies in ensuring their protection should be highlighted.
On July 26, the National Guard General Scientific Directorate Cyber Incident Response Center issued a statement on the key considerations for users to avoid becoming victims of a “phishing” email attack as cases of this criminal activity are increasing, namely:
- Never send information via email, as companies and banks will never request financial or credit card information this way.
- If you have any doubts about the authenticity of the e-mail, do not click on any links contained in it.
- If you have any doubts about the accuracy of the email, check the facts directly with the bank (whether by calling or visiting).
- If you received a phishing email, never reply to it. it is best to ignore it.
- Check that the website you are accessing is a secure address; it should start with https://. A small closed padlock should also appear in the browser status bar.
- Be sure to spell the address of the website you are trying to visit correctly as there are hundreds of attempts to spoof the most popular websites with just a letter or two.