OneTrust

OneTrust Privacy. Privacy Management Software. Operationalize Your ​Privacy Program for ​CCPA, GDPR & ​All the World's Privacy Laws​.

  • $300 – $6,500 per vulnerability
  • Safe harbor
Submit report

Version 6.35 Released!

Summary

Happy Friday, Researchers! OneTrust has released its latest version (6.35), which has provided new features to our solution for you to review and test. We have provided a list of new features that have been added along with the respective modules.

New Features

Assessment Automation

  • Configure Routing Rules in Assessment Workflow

    Access the Routing Rules feature located in the Assessment Workflow screen. This feature allows admins to configure Routing Rules to automatically route their assessments to a specific workflow upon creation or submission.

  • New Language Filter on Gallery Template Screen

    View the new language filter located on the Gallery Template screen. This feature allows users to view the language selection menu to switch languages at the user's discretion.

  • Use Multiple Not Equal To Options in Template Rules

    Utilize the new Not Equal To Options located in the Template Rules. The Contains Any, Contains All, and Does Note Contain options will assist in simplifying the Template Rules creation process when adding multiple conditions.

Consent Management

  • Automate Country Codes on OneTrust Web Form Collection Points

    Use the Enable geolocation to pre-fill sub-fields setting on the Settings tab of a OneTrust Web Form Collection Point to pre-fill phone number data elements with the country code. This allows users accessing your OneTrust Web Form to save time when completing the fields on the collection point.

  • Decline Consent for Multiple Purposes

    Create withdrawn transactions using the Unsubscribe All setting or using the Opt In/Opt Out setting in the Preference Center. This enables end users to decline consent for multiple purposes at once.

  • New Salesforce CRM Integration

    Integrate Salesforce Sales Cloud environments with OneTrust using Native Integrations on the Setup menu. This update allows the smooth transfer of data from OneTrust to Salesforce.

  • Consent Updated and Consent Profile Updated Triggers

    Update consent using the Consent Updated and Consent Profile Updated triggers in an integration workflow on the Connections screen. This enables you to sync contact, lead, and account consent data from your OneTrust environment to Salesforce.

Cookie Compliance

  • Allow HTML in Templates

    Allow HTML tags within template fields by enabling the HTML Sanitization setting in Global Settings.

  • Google Analytics Enhancements

    Configure "gaEvent" tracking and associate it with a category when publishing the domain script. This enables you to track user interaction with your CMP only after a user has granted consent for a specific category.

  • Enable Unique User Agent on Scans

Configure the OneTrustBot User Agent in the website scanner when scanning web pages. This feature allows you to enable or disable the OneTrust user agent when launching website scans depending on your organization's needs.

DataDiscovery

  • Use Vault Rotation to Rotate Login Credentials

    Safeguard your login credentials with vault rotation of your secret ID. Vault rotation is supported for AppRole auth method by HashiCorp.

  • Create Cassandra Scan Profiles with object Limits

    Create scan profiles to catalog and scan a Cassandra data source. Limits can be set for:

    • Maximum number of keyspaces
    • Maximum number of tables per keyspace
    • Maximum number of objects per table

  • Add the Icons to the Credential List page

    Display the type of data source icon on the credential list page.

Data Redaction

  • New Redaction Preferences Menu

    Manage your redaction preferences at the account level for default classifiers and custom keywords. This new menu item in the Privacy Rights (DSAR) module empowers organizations to specify their general settings for skipping, detecting for review, or automatically redacting when attachments are uploaded.

Enterprise Policy Management

  • Send Custom Email Notifications

    Configure policy, procedure, and standard workflow rules to automatically send custom email notifications to all approvers selected in the workflow Stage Details tab. With this enhancement, users can configure a custom email by adding dynamic variables to the subject and body of the email.

ESG Program Management

  • Create Metrics and Metric Groups in Bulk

    Create multiple custom metrics or metric groups at once using the Create Metrics and Metric Groups import template. Creating metrics and metric groups in bulk enables you to jumpstart your ESG program with your existing metrics and more smoothly collect data against custom metrics and metric groups.

  • Bulk Import Metric Data

    Import data for multiple metrics at once using the Bulk Update Metrics template. Bulk importing enables you to consolidate externally stored ESG metric data centrally in ESG Program Management.

  • Custom Units of Measurement

    Define custom units of measurement when collecting metric data. Custom units of measurement provide flexibility to gather any metrics relevant to your ESG program regardless of measurement unit.

  • Metric Data Integration Workflows

    Add metric data using the Workflow Builder in the Integrations module. The Workflow Builder allows you to seamlessly integrate data from external systems and sources into your ESG Program Management account.

Incident Response Management

  • Assign User Groups to Incidents

    Assign user groups to an incident when creating an incident, editing details, and configuring routing rules. This feature allows users to assign an incident to a user group instead of adding assignees individually.

  • Incident Comments

    Add comments on an incident record using the new Comments tab on the Incident Details screen. This feature allows users to add comments to easily track changes and communicate with others working on the incident.

  • The Dynamic Incident Notification Assessment (DINA) now supports guidance for the following jurisdictions:

    The Dynamic Incident Notification Assessment (DINA) now supports guidance for the following jurisdictions:

    • North Macedonia
    • New Zealand
    • South Korea
    • San Marino

    This enhancement allows users to generate guidance by completing the DINA.

  • Existing DINA Guidance Updates

    DINA content has been updated for Japan and California to align with new amendments. The California jurisdiction now includes an extra option due to the California Data Breach Notification & Data Security Law Amendment Bill on genetic data. The Japan jurisdiction guidance and rules have been updated to include mandatory notification requirements to align with the new Japan Amendment Act.

  • Databreachpedia Updates

    The breach notification laws, contact information, links, and physical address of responsible regulators have been updated in Databreachpedia for various jurisdictions in Europe, Asia, Africa, and North America.

Privacy Rights (DSAR)

  • New Columns for Subtask Queue and Reporting

    Access the new columns for the Subtask queue and Reporting: Subtask Created Stage and Current Request Stage. The Task Status filter has been renamed to Subtask Status with the same column filtering functionality and translatable on dashboards.

Vendor Portal

  • Tracking Vendor Risk Management Assessments

    Track assessments launched from the Vendor Risk Management module in the Request list. This allows you to sign into your Vendor Portal account after receiving a request from Vendor Risk Management to respond and track the request.

  • Requests Activity History

    View activity related to requests from the Request Activity modal on the Requests screen. This allows you to see what changes were made to a request, who made the changes, and when the changes were made.

  • Documents Activity History

    View activity related to documents from the Document Activity modal on the Documents screen. This allows you to see what changes were made to a document, who made the changes, and when the changes were made.

  • Customers Activity History

    View all updates and interactions related to customers from the Customers Activity modal on the Customer Details screen. This allows you to see what changes were made to a customer, who made the changes, and when the changes were made.

Vendor Risk Management

  • Engagements Activity

    View activity related to engagements from the Activity tab of the engagement's Inventory Details screen. This allows you to see what changes were made to an engagement, who made the changes, and when the changes were made.

  • Contract Automation Rule Enhancements

    Configure Automation Rules for contracts to send scheduled email notifications to users associated with the vendor. This allows you to automatically send email notifications to user attributes which are configured on the vendor.

  • Configure Engagement Status

    Configure the Status of a vendor engagement. This feature allows you to specify if a vendor engagement is Pending, Active, or Archived as well as configure the default Status for newly created engagements.

  • View Custom Attributes on the Contracts List Screen

    Select your custom attributes when using the Column Selector on the Contract list screen. This allows you to pull in both custom and system default values for all attributes on the Contract list screen.

OneTrust
OneTrust