Mexico

There is no legal requirement to report data breaches to the Mexican DPA, and so far there are no guidelines for voluntary breach reporting to Mexican DPA.
However, the Law requires that if any phase of the data collection, storage or use, may, in any way, affect in a significant manner the patrimonial or moral rights of individuals, data controllers shall immediately notify this situation to individuals.
Likewise, Article 64 of the Regulations of the FLPPIPPE requires data controllers to notify individuals without any delay, as to any breach that significantly affects their moral or patrimonial rights, as soon as the data controller confirms that a breach has occurred, and when the data owner has taken any actions tending to start an exhaustive process to determine the magnitude of the breach.
In said notification data controllers must inform at least:
The nature of the incident;
The compromised PI;
Recommendations for the data subjects to protect their interests.
The corrective measures immediately implemented by the data controller.
The means for getting more information regarding the breach.