Mexico

In Mexico the authority in charge of enforcing both, the Federal Law for the Protection of Personal Information in Possession of Private Entities, and The Federal Law for the Protection of Personal Information in Possession of Obliged Subjects, is the National Institute of Access to Information (INAI), which is the only Mexican Data Protection Authority.
INAI is an administrative authority entitles to conduct ex officio audits in order to verify the compliance with the above laws. As well as the safeguard of the ARCO rights.
INAI is entitled to impose administrative sanctions such as fines up to 25 million Mexican Pesos (approximately $1,400,000 USD)
Additionally, there are two activities deemed as felonies related to the wrong use of PI, which are:
i) When a data owner authorized to collect, store and use PI with the aim of profiting, causes a security breach in the database containing PI under its custody. This is sanctioned with imprisonment from 3 months and up to 3 years.
ii) To collect, use or store PI, with the aim of profiting, through error or deceit of the data subject, or error or deceit of the person who has to authorize the transfer. This is sanctioned with imprisonment from 6 months and up to 5 years.
However, Mexican DPA is an administrative authority not entitled to award any damages. For that effect an independent civil action would be required, until after having obtained a final ruling declaring an infringement to any of the above legal provisions.