Mexico

According to the Federal Consumers Protection Law, the penalties for data security breaches regarding marketing matters range from $260.56 to $833,823.71 Mexican Pesos.
On the other hand, Mexican DPA (INAI) is entitled to impose administrative sanctions such as fines up to 25 million Mexican Pesos (approximately $1,400,000 USD)
Additionally, there are two activities deemed as felonies related to the wrong use of PI, which are:
i) When a data owner authorized to collect, store and use PI with the aim of profiting, causes a security breach in the database containing PI under its custody. This is sanctioned with imprisonment from 3 months and up to 3 years.
ii) To collect, use or store PI, with the aim of profiting, through error or deceit of the data subject, or error or deceit of the person who has to authorize the transfer. This is sanctioned with imprisonment from 6 months and up to 5 years.
However, Mexican DPA is an administrative authority not entitled to award any damages. For that effect an independente civil action would be required, until after having obtained a final ruling declaring an infringement to any of the above legal provisions.