Privacy updates V1.10.11

The Privacy Solution includes new and updated regulators in this release.

We always appreciate feedback on current legislation and guidance whether it appears in our product or not. Contact your Customer Relationship Manager if you have any questions about these updates or suggestions for future updates. You can also use the IBM Community to see how your peers are using the Privacy solution to simplify the complex world of information security.

The following regulators were updated in this release.

Regulator/Feature

Description

Italy (Banking Sector)

Updated the contact information in the Resource Library and the Notify Data Protection Authority (Garante) – Italy task. Specifically, removed the fax number from both sources as it is no longer valid.

South Korea
Updated this regulator pursuant to the Enforcement Decree of the Personal Information Protection Act, effective on October 20, 2022.
  • Revised the language and links in the Resource Library and tool tip.
  • Changed the title of the Notify Personal Information Protection Commission (South Korea) task to Notify the Supervisory Authorities (South Korea).
  • Revised the language of the notification instructions of the renamed task.
    • Specified the notification time frame and required notice content.
    • Added an additional notification requirement for financial institutions.
    • Updated the online reporting link and contact information of supervisory authorities.

South Korea Communication Services Provider
Updated this regulator pursuant to amendments on the Act on Promotion of Information and Communication Network Utilization and Information Protection etc. effective on December 22, 2022.
  • Revised the language and links in the Resource Library and tool tip.
  • Changed the title of the Notify the Korea Communication Commissions (South Korea Communication Services Provider) task to Notify the Supervisory Authorities Commissions (South Korea Communication Services Provider).
  • Revised the language of the notification instructions of the renamed task.
    • Specified the notification time frame and required notice content.
    • Added an additional notice requirement when the breach resulted from an infringement accident.
    • Updated online reporting links and the contact information of the supervisory authorities.

Zimbabwe

Updated the language in the Notify the Authority (Zimbabwe) task. Specifically, included a template breach notification form for notifying the Postal and Telecommunications Regulatory Authority of Zimbabwe pursuant to the Cyber and Data Protection (Licensing of Data Controllers and Appointment of DPOs) Regulations, 2022.