Private Investigators in Mexico: Legal Boundaries for U.S. Clients

A U.S. client once asked me whether a Mexican private investigator could “pull phone records” the way people describe it in movies.

My answer was simple: no, not lawfully without proper authority.

That question comes up often in cross-border work. Some clients assume Mexico has fewer rules. Others assume a U.S. private investigator license, an attorney request, or a business dispute gives them access to information they could not get at home. Those assumptions create legal risk before the investigation even starts.

I work in Mexico and Latin America on fraud, due diligence, corporate security, and asset-tracing matters. The biggest legal problems I see rarely come from research itself. They come from bad scope. A client asks for a result without asking how the investigator plans to obtain it.

The method matters.

Mexico does not use the same PI licensing model that many U.S. states use. Security licensing can exist at the federal and state level, including for investigation-related services, but its purpose is different. It usually works as an authorization for a security company. The company operates under that umbrella and assigns authorized personnel under its own registration.

That distinction matters. A security-company authorization is not the same thing as a personal PI license for independent practice. An investigator working outside a registered security company does not rely on a DGSP-style security license in his own name for ordinary professional investigation work.

For independent professional work, the key pieces are different: a cédula profesional issued through the Secretaría de Educación Pública when the work falls within a relevant professional field, SAT registration to offer and invoice professional services, written contracts, lawful methods, and proper data-protection practices.

For U.S. clients, this point can feel confusing because the U.S. market often uses a state PI license as the first trust filter. In Mexico, the first question should be whether the provider is acting as an independent professional or as part of a registered security company. The second question is what legal basis supports the specific work.

Security services may fall under the Ley Federal de Seguridad Privada when they are provided in 2 or more states, and state rules may apply inside one state. The Dirección General de Seguridad Privada maintains federal private security company information, including authorized companies.

Pure investigation work often sits closer to professional services. Research, open-source checks, public-record review, interviews, and field verification do not become lawful just because someone calls himself a private investigator. They become safer when the professional status, tax status, scope, method, source, and documentation are lawful.

A U.S. PI license has no legal force in Mexico. A state license from the United States may show experience or training, but it does not authorize investigative acts inside Mexico. The work still has to comply with Mexican law, including privacy, data protection, criminal, civil, labor, professional-services, tax, and security rules when they apply.

This is where many clients need a reset. Can you get it lawfully, document the source, and explain the method if an attorney, court, employer, insurer, or compliance team asks later?

Lawful investigation in Mexico can include public-record searches, open-source research, corporate background checks, site verification, public-space observation, and interviews handled with care. Public records and open sources can support a case when the investigator collects them through proper channels. Visible property conditions can also matter when fieldwork documents them from a lawful public viewpoint.

Still, access does not erase responsibility. Mexican privacy law matters. The Ley Federal de Protección de Datos Personales en Posesión de los Particulares regulates personal data held by private parties and focuses on legitimate, controlled, and informed processing. A private client, company, or investigator cannot treat personal data as free material just because it appears useful.

Some methods create immediate trouble. Impersonating a government official, bank employee, or similar role can turn an investigation into a legal problem. So can unauthorized access to private data, such as entering an email account or buying restricted personal records from informal sources.

The same issue appears with recordings and technology. A client should not assume that tools such as hidden cameras or mobile phone research are safe just because one person in the dispute wants them. Each tool raises its own legal question before anyone uses it. Mexico regulates remotely piloted aircraft systems through aviation rules, including NOM-107-SCT3-2019. A drone may look like a simple way to verify a property or site condition, but aerial footage can lose value fast if the method creates a complaint.

For corporate cases, the cleanest approach usually starts with documents and open sources. Then fieldwork confirms what the records suggest. A supplier says it has a warehouse. Visit the address from a lawful public viewpoint. A company claims an office. Verify whether the office exists and whether normal business activity appears there. A debtor claims no assets. Review public records and lawful business traces before anyone talks about intrusive methods.

This desk-first approach protects the client. It also produces a better report. A report should explain what was checked, where the information came from, what remains unknown, and which claims need more support. If the client later uses the report with counsel, an insurer, an employer, or a business partner, method credibility matters as much as the finding. I explain this broader approach in my guide on how private investigation works in Mexico.

Cross-border cases need extra caution because the client may think in U.S. terms while the work happens in Mexico. A U.S. lawyer, insurer, or company can request an investigation, but the method still happens under Mexican conditions. The location of the act, the source of the information, and the final use of the report all matter.

I have seen U.S. clients ask for work that sounds normal in their own market but becomes sensitive in Mexico. Employee checks, surveillance near a residence, and vendor due diligence all require clear limits, among others. A legal request in English does not replace lawful collection in Mexico.

A strong investigator will slow the client down when needed. He will ask for identifiers, purpose, consent documents if they exist, the intended use of the report, and any attorney involvement. He will also say no when the requested method crosses a line.

That refusal is part of the service.

The standard I use in my own work is simple: reduce uncertainty without creating a second problem.

Last updated: May 1, 2026