The privacy solution is reviewed for each IBM Security QRadar SOAR Platform release. Review the privacy updates that were
made in SOAR Platform
49.0.
The following regulators are new in this release.
Regulator |
Description |
Ecuador
|
This regulator was added to the Privacy Solution.
- Title: The Organic Law on the Protection of Personal Data (“the Law”)
- Region: Latin America
- Requirements and timing: Ecuadorian Law establishes rules relating to the protection of
natural persons regarding the processing of personal data. In the case of a personal data breach,
the data controller must notify Data Protection Superintendency and Telecommunications Regulation
and Control Agency (ARCOTEL) within 5 days after having become aware of a breach and notify data
subjects within 3 days.
The regulator includes the following tasks:
- Notify Data Subjects (Ecuador)
- Notify the Supervisory Authorities (Ecuador)
- Investigation (Harm)
|
The following regulators were updated in this release.
Regulator |
Description |
GDPR
|
Updated this regulator pursuant to EDPB guidelines adopted on March 23, 2023.
Specifically, the following changes were made:
- In the Europe section of the Regulator menu, updated the link to the EDPB Guidelines 8/2022
on identifying controller or processor's lead supervisory authority and processors, version 2.0,
and revised the language regarding Regulator selection of non-EEA controllers under the EDPB
Guidelines 9/2022 on personal data breach notification under GDPR, version 2.0.
- Updated the Resource Library to add relevant provisions, including a link, for EDPB
Guidelines 9/2022 on personal data breach notification under GDPR, version 2.0.
|
New York
|
Updated personal data types to trigger notification tasks.
Removed the expired downloading link to the breach reporting form and added the link to the data
breach reporting guidance of the NY State in the following tasks:
- Notify NY AG
- Notify NY State Police
- Notify NY State Division of Consumer Protection
|
Utah
|
Updated this regulator pursuant to the amendments effective on May 3, 2023.
Specifically, added the following tasks:
- The Notify UT State AG and UT Cyber Center task is triggered when the number of affected
Utah Residents is equal to or more than 500.
- The Notify Credit Bureaus (UT) task is triggered when the number of affected Utah
Residents is equal to or more than 1000.
|
We appreciate feedback on current legislation and guidance, whether it appears in our product or
not. If you have any questions about the following updates or suggestions for future updates,
contact your Customer Relationship Manager.
To learn more about how your peers are taking full advantage of the SOAR Platform, see the IBM Security QRadar SOAR Community.