What's new and changed in Data Privacy

Data Privacy updates can include new features, bug fixes, and security updates. Releases are listed in reverse chronological order so that the latest release is at the beginning of the topic.

You can see a list of the new features for the platform and all of the services at What's new in IBM Cloud Pak for Data.

Installing or upgrading Data Privacy

Ready to install or upgrade Data Privacy?

To install Data Privacy along with the other Cloud Pak for Data services, see Installing Cloud Pak for Data.
To upgrade Data Privacy along with the other Cloud Pak for Data services, see Upgrading Cloud Pak for Data.
To install or upgrade Data Privacy independently, see Data Privacy.
Remember: All of the Cloud Pak for Data components associated with an instance of Cloud Pak for Data must be installed at the same version.

Cloud Pak for Data Version 5.0.3

A new version of Data Privacy was released in September 2024 with Cloud Pak for Data 5.0.3.

Operand version: 5.0.3

This release includes the following changes:

Issues fixed in this release: The following issues were fixed in this release:; Issue: Correction to error message display for customized data class in obfuscate masking methods.

Resolution: This issue is now fixed.
Security issues fixed in this release: The following security issues were fixed in this release:; CVE-2024-39338, CVE-2024-42459, CVE-2024-42460

Cloud Pak for Data Version 5.0.2

A new version of Data Privacy was released in August 2024 with Cloud Pak for Data 5.0.2.

Operand version: 5.0.2

This release includes the following changes:

Issues fixed in this release: The following issues were fixed in this release:; Issue: Unable to preview an asset with a row filtering rule due to connection restrictions.

Resolution: This issue is now fixed.
Security issues fixed in this release: The following security issues were fixed in this release:; CVE-2024-24791, CVE-2024-4032, CVE-2024-6345; CVE-2023-36632; CVE-2021-23336, CVE-2021-23337, CVE-2021-3997, CVE-2021-41720; CVE-2020-28500, CVE-2020-8203; CVE-2019-1010266, CVE-2019-10744; CVE-2018-16487, CVE-2018-3721

Cloud Pak for Data Version 5.0.1

A new version of Data Privacy was released in July 2024 with Cloud Pak for Data 5.0.1.

Operand version: 5.0.1

This release includes the following changes:

Customer-reported issues fixed in this release

The following issues, which were reported by customers, were fixed in this release:

DT392918: Incorrect replace mask character is used for partial redact when data is masked.

Security issues fixed in this release

The following security issues were fixed in this release:

CVE-2024-0450, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-35195, CVE-2024-37890, CVE-2024-4032

CVE-2023-36632, CVE-2023-6597

CVE-2022-40896

CVE-2021-23336

Deprecated features

The following features are deprecated and will be removed in a future release:

Reversible option for obfuscating data to reverse the masking to recover the original values.
Reversible encryption that is available for creating copies of data by creating masking flows and one-way hash tokenization for flexible compliance.
Decrypt reversible masked data.

If you have questions or concerns that are related to the deprecation, you can open a support ticket.

Cloud Pak for Data Version 5.0.0

A new version of Data Privacy was released in June 2024 with Cloud Pak for Data 5.0.0.

Operand version: 5.0.0

This release includes the following changes:

New features

This release of Data Privacy includes the following features:

Data protection rules no longer enforced in projects

Data protection rules are now only enforced either in governed catalogs or by a deep enforcement solution. A deep enforcement solution is a protection solution to enforce rules on data that is outside of Cloud Pak for Data when the data source is integrated with one of these services:

IBM Data Virtualization
IBM Security Guardium Data Protection
IBM watsonx.data

Assets that are added into projects from a governed catalog no longer have preview, download or profiling restricted by data protection rules unless you have configured a deep enforcement solution.

You will be reminded of the revised data protection rule enforcement protocols when you:

Create a data protection rule
Copy an asset from a governed catalog into a project

For details, see Accept revised protocol for enforcing data protection rules.

Defining a data source definition with a protection solution

A protection solution is a method of enforcing the data protection rules either in governed catalogs or by a deep enforcement solution.

To configure the platform with a deep enforcement solution, you can create a data source definition to set the data source type. The data source type determines which types of connections the data source definition can be associated with and your available protection solution options. For details, see Protection solutions for data source definition.

Tracking data protection rule enforcement decisions

You can now track enforcement decisions as audit events when the Send policy evaluations to audit logs check box is selected from the Manage rule settings page. For details, see Audit events for Data Privacy.

Security issues fixed in this release

The following security issues were fixed in this release:

CVE-2024-0727, CVE-2024-1135, CVE-2024-2398, CVE-2024-24786, CVE-2024-25062, CVE-2024-2511, CVE-2024-28834, CVE-2024-28835, CVE-2024-2961, CVE-2024-3154, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-34447, CVE-2024-35195, CVE-2024-3651, CVE-2024-3772

CVE-2023-2953, CVE-2023-2975, CVE-2023-32636, CVE-2023-3446, CVE-2023-35116, CVE-2023-3817, CVE-2023-45322, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2023-7008

CVE-2022-27943, CVE-2022-41409, CVE-2022-48554

CVE-2021-3997

CVE-2020-7656, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064

CVE-2019-5428

CVE-2015-9251

CVE-2012-6708