Privacy updates V1.10.12

The Privacy Solution includes new and updated regulators in this release.

We always appreciate feedback on current legislation and guidance, whether it appears in our product or not. Contact your Customer Relationship Manager if you have any questions about these updates or suggestions for future updates. You can also use the IBM Community to see how your peers are using the Privacy Solution to simplify the complex world of information security.

The following regulators were added in this release.
Regulator Description

Ecuador

This regulator was added to the Privacy Solution.
  • Title: The Organic Law on the Protection of Personal Data (“the Law”)
  • Region: Latin America
  • Requirements and timing: Ecuadorian Law establishes rules relating to the protection of natural persons regarding the processing of personal data. In the case of a personal data breach, the data controller must notify the Data Protection Superintendency and the Telecommunications Regulation and Control Agency (ARCOTEL) within 5 days of becoming aware of the breach and notify data subjects within 3 days.
The regulator includes the following tasks:
  • Notify Data Subjects (Ecuador)
  • Notify the Supervisory Authorities (Ecuador)
  • Investigation (Harm)

The following regulators were updated in this release.

Regulator Description

GDPR

Updated this regulator pursuant to EDPB guidelines adopted on March 23, 2023.

Specifically, the following changes were made:
  • In the Europe section of the Regulator menu, updated the link to the EDPB Guidelines 8/2022 on identifying controller or processor's lead supervisory authority and processors, version 2.0, and revised the language regarding Regulator selection of non-EEA controllers under the EDPB Guidelines 9/2022 on personal data breach notification under GDPR, version 2.0.
  • Updated the Resource Library to add relevant provisions, including a link, for EDPB Guidelines 9/2022 on personal data breach notification under GDPR, version 2.0.

New York

Updated the personal data types that trigger notification tasks.

Removed the expired download link for the breach reporting form and added a link to NY State's data breach reporting guidance in the following tasks:
  • Notify NY AG
  • Notify NY State Police
  • Notify NY State Division of Consumer Protection

Utah

Updated this regulator pursuant to the amendments effective on May 3, 2023.

Specifically, added the following tasks:
  • The Notify UT State AG and UT Cyber Center task is triggered when the number of affected Utah residents is 500 or more.
  • The Notify Credit Bureaus (UT) task is triggered when the number of affected Utah residents is 1000 or more.