OneTrust

OneTrust Privacy. Privacy Management Software. Operationalize Your ​Privacy Program for ​CCPA, GDPR & ​All the World's Privacy Laws​.

  • $300 – $6,500 per vulnerability
  • Safe harbor
Submit report

New Version Released!

Summary

Happy Monday, Researchers! OneTrust has released its latest version, which has provided new features to our solution for you to review and test. We have provided a list of new features that have been added along with the respective modules.

New Features

Consent and Preference Management

  • Automatically Add Geolocation for OneTrust Hosted & Embedded Web Form Collection Points

    Automatically populate a data subject’s geolocation using the Enable geolocation tracking for this collection point setting on the Settings tab of OneTrust Hosted Web Form Collection Points and OneTrust Embedded Web Form Collection Points. When geolocation tracking is enabled for both a purpose and the Collection Point, then the geolocation will be populated by default. When geolocation tracking is disabled for a purpose but enabled for the Collection Point, then users will have the option to enable geolocation services per purpose on the Collection Point.

  • Phone Number Validation

    Values entered for Phone Number data element types are now validated when interacting with OneTrust Hosted Web Form Collection Points. This enhancement requires a valid phone number to be entered in order for a data subject to change their preferences.

  • New Parameter for Interaction Date Validation

    The example payload on the Integrations tab for Custom API type Collection Points now includes the new enableDataElementDateValidation parameter to allow interaction date validation for data element updates. When the parameter value is set to true, data elements will retain the value of the receipt with the latest interaction date. When the parameter value is set to false or not included, data element values will get overwritten with the value of the most recent receipt, regardless of the associated interaction date (legacy behavior).

Data Catalog

  • Seeded Data Policies

    Utilize seeded data policies to conduct common use cases. These out-of-the-box options include automation rules with recommended conditions and actions so data governance users can return results, automate decisions, and take action concerning security violations and public access risks.

    • Sensitive Files with Public Access
    • Security Violations
    • Amazon S3 Bucket(s) with Public Access

  • ROT Classification Tags

    Scan data assets with the new Redundant, Obsolete, or Trivial (ROT) classification tag to identify irrelevant data. This tag type promotes data minimization practices so data is only collected for specific purposes and retained as long as only necessary.

Data Mapping

  • Personal Data Grid

    Link personal data to inventory records using the new personal data grid. This feature enhances personal data linking by enabling you to visualize data subject types and data elements in a grid format when linking them to an inventory record.

Incident Management

  • Incident Detail Inheritance

    Configure a relationship between an incident question and inventory or data element questions to automatically populate data elements and inventories on a newly created incident. With this enhancement, all data elements and inventories added to an assessment will populate details on the incident record.

Third-Party Risk Management

  • Related Data Elements on Engagements

    Manage related data elements at the engagement level using the new Personal Data tab on the Engagement Overview screen. This feature allows users to easily view and edit the Personal Data Elements linked to an engagement.

  • Assessment Score Template Update

    Create risks within vendor assessments using the assessment score profile as a condition on the Template Details screen. This feature allows users to configure template rules that create risks in templates managed within the Third-Party Risk Management module.

  • Reorder Attribute Options

    Reorder engagement attribute options using the new Reorder Options button on the Attribute Details screen. With this enhancement, users can configure the order in which the attribute options appear in the engagement details and assessments.

  • New Automation Rule Conditions

    Configure engagement and inventory automation rules using the new Assessment Score Profile – By Template condition. This enhancement allows users to configure automation rules to trigger actions based on score profiles.

Name URL
OneTrust https://bugcrowd.com/programs/onetrust

If you have any questions, please reach out to support@bugcrowd.com.

OneTrust
OneTrust