Privacy updates V1.10.14

The Privacy Solution includes updated regulators and a new regulator in this release.

We always appreciate feedback on current legislation and guidance whether it appears in our product or not. Contact your Customer Relationship Manager if you have any questions about these updates or suggestions for future updates. You can also use the IBM Community to see how your peers are using the Privacy solution to simplify the complex world of information security.

The following regulators were updated in this release.

Regulator	Description
Israel	Updated the timeframe of “Notify the PPA (Israel)” task from "72 hours" to "immediately"; updated the language of “Notify the PPA (Israel)”. Specifically, added the interpretation of “severe security incidents” according to the new guidance of the Privacy Protection Authority (PPA), updated the PPA’s contact information, and inserted links to the new guidance, the notification form, and the list of examples qualifying as “severe security incidents” of the PPA.
Connecticut	Updated language in the "Resource Library" to include breach notification obligations under the Connecticut Data Privacy Act, 2023. Updated the "Notify the Connecticut AG" task by inserting the link to the data breach notification portal.

Regulator

Description

Israel

Updated the timeframe of “Notify the PPA (Israel)” task from "72 hours" to "immediately"; updated the language of “Notify the PPA (Israel)”.

Specifically, added the interpretation of “severe security incidents” according to the new guidance of the Privacy Protection Authority (PPA), updated the PPA’s contact information, and inserted links to the new guidance, the notification form, and the list of examples qualifying as “severe security incidents” of the PPA.

Connecticut

Updated language in the "Resource Library" to include breach notification obligations under the Connecticut Data Privacy Act, 2023.

Updated the "Notify the Connecticut AG" task by inserting the link to the data breach notification portal.

The following regulators were added in this release.

Regulator	Description
Vietnam	The Decree No.13/2023 on the Protection of Personal Data (“the Decree”). Region: Asia Requirements and Timing: Vietnamese Law establishes rules relating to the protection of natural persons regarding the processing of personal data.  In the case of detecting a violation of the Decree, the data controller must notify the Department of Cybersecurity and Hi-tech Crime Protection under the Ministry of Public Security about the violation within 72 hours after having become aware of it. The new regulator includes the “Notify the Supervisory Authority (Vietnam)” task.

Regulator

Description

Vietnam

The Decree No.13/2023 on the Protection of Personal Data (“the Decree”).

Region: Asia

Requirements and Timing: Vietnamese Law establishes rules relating to the protection of natural persons regarding the processing of personal data.  In the case of detecting a violation of the Decree, the data controller must notify the Department of Cybersecurity and Hi-tech Crime Protection under the Ministry of Public Security about the violation within 72 hours after having become aware of it.

The new regulator includes the “Notify the Supervisory Authority (Vietnam)” task.