Combined Privacy Management release notes for upgrades from Yokohama to Australia

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Privacy Management release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Yokohama to Australia.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Privacy Management to Australia

Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

New features

Between your current release family and Australia, new features were introduced for Privacy Management.


Release	Release notes
Yokohama	[Placeholder link text to key bundle-grc.configure-criticality-factors] Leverage criticality factors to evaluate the initial risks associated with processing activities. Integrate these factors into privacy assessments and automatically generate a criticality score upon assessment approval. These factors are also added to processing activities, enabling you to make updates at any time. Integrating these factors in a privacy assessment eliminates the need for a separate criticality assessment. This consolidation reduces the workload for the privacy teams. Smart assessments Use the new and improved assessment experience that enables: capturing the data elements, the information object attributes, hierarchies building the assessment questionnaire This new experience enables responders to update all the necessary details within the assessments, eliminating the need to update the processing activity separately. Configure categories Implement Information object categories to tag and classify information objects effectively. For example, attributes like iris scans and fingerprints are often referred to as biometric data, or email addresses and phone numbers can be tagged as contact information. Information object categories enable you to categorize these information objects under these broader classifications. This approach is useful in the following ways: Enhances compliance with regulations such as GDPR, CCPA, and so on by accurately capturing and tracking required data categories. Improves clarity for business users, ensuring they can easily identify and work with terms they’re familiar with while adhering to regulatory standards. Streamlines data governance by creating a structured framework that supports both regulatory needs and business operations. Smart assessment for privacy case management action tasks Use the new assessment experience of Smart Assessment Engine for privacy case action tasks. Only when an action task moves from the Draft to the Assigned state, the assessment can be sent. To use the smart assessment, a new property called enable_smart_assessments (sn_grc_case_mgmt.enable_smart_assessments) is introduced with the default value as true.
Zurich	Data subjects Select and define the multiple data subject types for each processing activity. You can capture the volume of data subjects that were processed, the specific data elements that were collected from the users, and the user locations. With this feature, you get a realistic, granular, and scalable representation of your processing activities. Privacy management dashboard Get an overview of your complete privacy risk and compliance posture from the Privacy Management dashboard so that you can quickly prioritize and remediate your processing activities. By looking at the Processing Activities, Risk & Compliance, and Operations & Case management sections, you can see the overall compliance score, trends, privacy criticality assessment scores, and risk heatmap. From the dashboard, you can also see information about the global legal framework to understand the regional obligations and the built-in risk metrics that automatically assess each processing activity. New screening and PIA templates Use the new Privacy Impact Assessments (PIAs) and Screening Assessment templates that provide standardized questions, evaluation criteria, and workflows so that you can perform a processing activity criticality and privacy risk assessment. With these new templates, you can ensure consistency, reduce manual effort, and support compliance with regulatory and organizational requirements.
Australia	Report a privacy case anonymously Employees can now use the Anonymous Reporting Center to report privacy violations such as data breaches or exposure, unauthorized data use, privacy law violations (GDPR, CCPA), or other privacy-by-design lapses without revealing their identity or location. Accessed through the Employee Center, the Anonymous Reporting Center portal automatically logs users out to enforce anonymity, creates case records without mapping to employee identity, and provides a unique report key for secure follow-up communication. Reports are routed to the appropriate compliance team based on the nature of the concern. Throughout the investigation process: Investigators can request additional information through a comments system visible to the reporter Reporters can follow up on their case using their report key to check progress and respond to questions All interactions maintain reporter anonymity at every step; no identity or location data is ever captured or linked This enhancement enables organizations to build trust, mitigate risks before escalation, and ensures regulatory compliance with whistleblower protection requirements. Case summarization for privacy cases Privacy analysts can now use the Now Assist case summarization feature to quickly understand a privacy case without manually reviewing every field or related list. Now Assist analyzes key case attributes, such as timelines, impacted areas, evidence, and actions, and generates a structured summary directly inside the privacy case. This solves a common problem: case data is often lengthy, scattered across multiple related lists, and difficult for analysts to digest efficiently. Analysts can also save and edit summaries as case data evolves, ensuring the record stays current. Hierarchy and lineage enhancements The Hierarchy and lineage enhancements enables privacy teams to identify which systems, vendors, and applications belong to a specific processing activity by marking relationships as “part of a processing activity.” This differentiates scoped components from global or shared connections. Users can toggle between a processing‑activity‑scoped view and a full lineage view, helping them understand data flows in the appropriate context. Privacy content accelerator The privacy regulatory content through Unified Content Management provides pre‑built authority documents, citations, control objectives, and risk statements aligned with major privacy frameworks, including GDPR, CCPA, LGPD, and the NIST Privacy Framework 1.0. These resources are available for download directly from the Privacy Workspace, enabling teams to readily access standardized regulatory content.

Changes

Between your current release family and Australia, some changes were made to existing Privacy Management features.


Release	Release notes
Yokohama	Tagging of information object tags Use the Data classification field to tag information objects instead of using the tag icon. Initiating privacy assessment When you initiate a privacy assessment from either an entity or a processing activity, you’re no longer redirected to the Create new privacy assessment form, instead, a new pop-up window appears where you can specify all the assessment details.
Zurich	Zurich Patch 4 Zurich Patch 1 Processing activity tab The revamped Processing Activity overview page provides a unified dashboard that displays key compliance and risk metrics, such as risk scores, compliance scores, and criticality scores. This update makes it easier for privacy managers and analysts to assess the status of each processing activity, track open issues, and prioritize actions. Layout for processing activity record view The vertical layout of a processing activity enables you to see the information in a top-down linear flow. With this layout, you can see the sequential representation of a data processing workflow. Privacy management home page The enhanced Privacy Management home page now has dedicated tabs for Processing Activity, Risk and compliance, Operations, and Privacy Cases. This updated layout helps to improve readability by organizing your reports into clearly defined sections.
Australia	No updates for this release.

Removed

Between your current release family and Australia, some Privacy Management features or functionality were removed.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Deprecations

Between your current release family and Australia, some Privacy Management features or functionality were deprecated.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Activation information

Review information on how to activate Privacy Management.


Release	Release notes
Yokohama	Install Privacy Management by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Zurich	Install Privacy Management by requesting it from the ServiceNow Store.
Australia	Install Privacy Management by requesting it from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

Additional requirements

If any additional requirements were introduced or changed for Privacy Management we have noted them here.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Privacy Management we have noted them here.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Accessibility information

Review details on accessibility information for Privacy Management, such as specific requirements or compliance levels.


Release	Release notes
Yokohama	No updates for this release.
Zurich
Australia	No updates for this release.

Localization information

If there are specific localization considerations for Privacy Management we have noted them here.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Highlight information

If there are specific highlight considerations for Privacy Management we have noted them here.


Release	Release notes
Yokohama	Integrate criticality factors into assessments and processing activities thereby simplifying the assessment process, and reducing the workload for privacy teams. Use the Smart Assessment Engine to capture details regarding information objects and hierarchies, updating all details within the assessments and eliminating the need to separately update processing activities. Implement information Object (IO) categories such as biometric data, to align with regulatory classifications and bridge the gap between requirements and user understanding. Empower privacy case analysts to perform assessments on privacy cases using the Smart Assessment Engine See Privacy Management for more information.
Zurich	A new external Personal data rights (PDR) request form enables customers, ex-employees, and third parties to submit PDR requests from a website with email verification. Access Control by Legal Entity feature enables teams to access only processing activities relevant to their legal entity, maintaining privacy by design principle. Now Assist for Privacy Management plugin uses Generative AI to streamline privacy workflows by summarizing assessments, condensing issues, and merging control objectives. Reporting privacy incidents through email feature enables employees to report privacy incidents directly through email. Impacted and related areas configuration allows privacy case managers to add custom business area types to privacy cases for better context. Revamped Processing Activity overview page provides a unified dashboard showing key compliance and risk metrics for processing activities. See Privacy Management for more information.
Australia	Automatically generate an AI-recommended privacy case summary from varied compliance case data, reducing investigation time and enabling faster, more consistent decision-making. Anonymously report compliance violations through a secure portal that maintains complete identity protection while enabling organizational trust and regulatory compliance. See Privacy Management for more information.