Privacy updates

The privacy solution is reviewed for each IBM Security QRadar SOAR Platform release. Review the privacy updates that were made in SOAR Platform 49.0.

The following regulators are new in this release.

Regulator	Description
Ecuador	This regulator was added to the Privacy Solution. Title: The Organic Law on the Protection of Personal Data (“the Law”) Region: Latin America Requirements and timing: Ecuadorian Law establishes rules relating to the protection of natural persons regarding the processing of personal data.  In the case of a personal data breach, the data controller must notify Data Protection Superintendency and Telecommunications Regulation and Control Agency (ARCOTEL) within 5 days after having become aware of a breach and notify data subjects within 3 days. The regulator includes the following tasks: Notify Data Subjects (Ecuador) Notify the Supervisory Authorities (Ecuador) Investigation (Harm)

Regulator

Description

Ecuador

This regulator was added to the Privacy Solution.

Title: The Organic Law on the Protection of Personal Data (“the Law”)
Region: Latin America
Requirements and timing: Ecuadorian Law establishes rules relating to the protection of natural persons regarding the processing of personal data.  In the case of a personal data breach, the data controller must notify Data Protection Superintendency and Telecommunications Regulation and Control Agency (ARCOTEL) within 5 days after having become aware of a breach and notify data subjects within 3 days.

The regulator includes the following tasks:

Notify Data Subjects (Ecuador)
Notify the Supervisory Authorities (Ecuador)
Investigation (Harm)

The following regulators were updated in this release.

Regulator	Description
GDPR	Updated this regulator pursuant to EDPB guidelines adopted on March 23, 2023. Specifically, the following changes were made: In the Europe section of the Regulator menu, updated the link to the EDPB Guidelines 8/2022 on identifying controller or processor's lead supervisory authority and processors, version 2.0, and revised the language regarding Regulator selection of non-EEA controllers under the EDPB Guidelines 9/2022 on personal data breach notification under GDPR, version 2.0. Updated the Resource Library to add relevant provisions, including a link, for EDPB Guidelines 9/2022 on personal data breach notification under GDPR, version 2.0.
New York	Updated personal data types to trigger notification tasks. Removed the expired downloading link to the breach reporting form and added the link to the data breach reporting guidance of the NY State in the following tasks: Notify NY AG Notify NY State Police Notify NY State Division of Consumer Protection
Utah	Updated this regulator pursuant to the amendments effective on May 3, 2023. Specifically, added the following tasks: The Notify UT State AG and UT Cyber Center task is triggered when the number of affected Utah Residents is equal to or more than 500. The Notify Credit Bureaus (UT) task is triggered when the number of affected Utah Residents is equal to or more than 1000.

We appreciate feedback on current legislation and guidance, whether it appears in our product or not. If you have any questions about the following updates or suggestions for future updates, contact your Customer Relationship Manager.

To learn more about how your peers are taking full advantage of the SOAR Platform, see the IBM Security QRadar SOAR Community.