Configure breach settings

If you are monitoring privacy-related events, use the Breach tab to provide the Orchestration & Automation application with the privacy regulators and locations applicable to your company, as well as the types of privacy data your company captures.

The Breach tab contains the privacy breach-related configuration settings and customizable features for your organization. It is essential that the configuration settings are completed so that the application is an effective tool to help your organization respond properly to a data breach.

Note: The SOAR Breach Response add-on is controlled from the platform entitlements. If SOAR Breach Response add-on is not enabled in the platform, the privacy database and related components are not available in IBM® Security QRadar SOAR and breach-related tasks are not generated in a playbook.
The tab organizes the privacy breach-related configuration settings into the following three categories.
  • Regulators: Specifies which regulators govern your organization. By selecting the appropriate regulators, the system can generate the regulatory required tasks in the case of a data breach. In addition, this is where you select the best practices to be applied when generating playbooks.

    Click the Edit button to enable changes, and then select the regulators, jurisdictions, and locations that apply to your organization. These selections potentially influence liability estimates and recommended tasks. When done, click Save.

    Regarding EMEA, AsiaPac, and Latin America: Only those countries in which the corporate establishment or data processing is material to a particular incident should be selected. This may also be done at the time the incident is being created. Refer to each country’s tool tip for additional detail.

    Incident owners have the option to adjust which regulators apply to a particular incident during incident creation. Doing so does not change the default regulators selected here.

    You can optionally select Organizational Rules - Data Breach Best Practices. These are suggested non-regulatory activities for responding to breaches of PII.

  • Data Types: Specifies the data types that the company generally captures and/or stores. All fields are available during the recording of an incident but the fields selected here are highlighted. Click the Edit button to enable changes and then click Save when you have made the desired selections.
  • Affected Individuals: This section lists the locations where individuals might reside. Document the number of affected individuals by residency.
  • Jurisdictions: Specifies the states within the U.S. Select all jurisdictions for which your organization has records. For example, you should select California even if your organization does not have an office in California, but stores information related to residents of that state. The selected states appear in a list for each incident, and the user selects the states for which information was lost during the specific incident. Click the Edit button to enable changes and then click Save when you have made the desired selections. Jurisdictions not indicated here can be added during incident creation if necessary.