Privacy updates in SOAR Platform 49.2

The Privacy Solution is reviewed for each IBM Security QRadar® SOAR Platform release.

The following regulators were updated in SOAR Platform 49.2.

Regulator	Description
Israel	Updated the timeframe of “Notify the PPA (Israel)” task from "72 hours" to "immediately"; updated the language of “Notify the PPA (Israel)”. Specifically, added the interpretation of “severe security incidents” according to the new guidance of the Privacy Protection Authority (PPA), updated the PPA’s contact information, and inserted links to the new guidance, the notification form, and the list of examples qualifying as “severe security incidents” of the PPA.
Connecticut	Updated language in the "Resource Library" to include breach notification obligations under the Connecticut Data Privacy Act, 2023. Updated the "Notify the Connecticut AG" task by inserting the link to the data breach notification portal.

Regulator

Description

Israel

Updated the timeframe of “Notify the PPA (Israel)” task from "72 hours" to "immediately"; updated the language of “Notify the PPA (Israel)”.

Specifically, added the interpretation of “severe security incidents” according to the new guidance of the Privacy Protection Authority (PPA), updated the PPA’s contact information, and inserted links to the new guidance, the notification form, and the list of examples qualifying as “severe security incidents” of the PPA.

Connecticut

Updated language in the "Resource Library" to include breach notification obligations under the Connecticut Data Privacy Act, 2023.

Updated the "Notify the Connecticut AG" task by inserting the link to the data breach notification portal.

The following regulators were added in this release.

Regulator	Description
Vietnam	The Decree No.13/2023 on the Protection of Personal Data (“the Decree”). Region: Asia Requirements and Timing: Vietnamese Law establishes rules relating to the protection of natural persons regarding the processing of personal data.  In the case of detecting a violation of the Decree, the data controller must notify the Department of Cybersecurity and Hi-tech Crime Protection under the Ministry of Public Security about the violation within 72 hours after having become aware of it. The new regulator includes the “Notify the Supervisory Authority (Vietnam)” task.

Regulator

Description

Vietnam

The Decree No.13/2023 on the Protection of Personal Data (“the Decree”).

Region: Asia

Requirements and Timing: Vietnamese Law establishes rules relating to the protection of natural persons regarding the processing of personal data.  In the case of detecting a violation of the Decree, the data controller must notify the Department of Cybersecurity and Hi-tech Crime Protection under the Ministry of Public Security about the violation within 72 hours after having become aware of it.

The new regulator includes the “Notify the Supervisory Authority (Vietnam)” task.

We appreciate feedback on current legislation and guidance, whether it appears in our product or not. If you have any questions about the current SOAR Platform privacy solution, or if you have suggestions for future updates, contact your Customer Relationship Manager.