Breach
The SOAR Breach Response add-on contains the Privacy database and the breach notification rules. It generates personal data breach compliance tasks in case task lists.
If the case involves Personal Information or Personal Data, you must update the case information under the Breach tab, including the types of data involved, number of records, applicable regulators and locations, to determine any potential notification obligations.
You might not see this tab if your organization does not have a license and entitlement for the SOAR Breach Response add-on or if your administrator has not configured it. The SOAR Breach Response add-on entitlement is managed from General settings > Licensing & usage in the platform menu.
Entering the Personal Information or Personal Data details allows the system to generate an assessment, which provides a summary of the reporting and notification requirements.
- Privacy. This section provides information on any privacy-related issues.
- Data Types. There are a number of categories of data types, such as financial and medical. Choose the specific data types in each category that apply to the case.
- Affected Individuals. This section lists the locations where individuals might reside. Document the number of affected individuals by residency.
- Regulators. This section organizes regulators by jurisdiction. You can select the regulators that apply to your company and are applicable to the case. It is important to read each tooltip to determine applicability to the case.
To see the categories and fields in each tab, click the Edit button. You can then edit the various fields as required. Click Save to implement your changes.
The application maintains a database of breach notification statutes (laws passed by a legislature and signed into law), regulations (laws made by agencies), trade organization bulletins, and guidance documents, including penalties where applicable. You can review the statutes in the Resource Library, which you access by selecting Wiki from the system menu. Select the jurisdiction or regulator to view the relevant text of the document. Hyperlinks to the full source documents are also included. The Resource Library is organized into sections. Access to each section is dependent on your organization’s subscription.