Privacy updates in IBM Security QRadar SOAR 51.0.1.1

The privacy solution is reviewed for each IBM Security QRadar SOAR release. Review the privacy updates that were made in SOAR Platform 51.0.1.1.
The following regulators were added in this release.
Regulator Description
Europe
Georgia
  • Law of Georgia on Personal Data Protection
  • Region: Europe
  • Requirements and Timing: The Law of Georgia on Personal Data Protection established rules relating to the protection of natural persons regarding the processing of personal data. In the case of a personal data breach, the data controller must notify the Supervisory Authority in 72 hours after the discovery of the breach if it causes risks on basic human rights and freedoms, notify affected individuals without undue delay if it causes high risks, and document the breach.
The new regulator includes the following tasks:
  • “Notify Affected Individuals (Georgia (Country))”
  • “Notify the Supervisory Authority (Georgia (Country))”
  • “Document the Breach (Georgia (Country))”
US
Oregon (Data Brokers)
  • Oregon Data Broker Registration Law
  • Region: U.S. States and Territories
  • Requirements and Timing: The Oregon Data Broker Registration Law provides that data broker may not collect, sell or license brokered personal data unless the data broker first registers with Oregon Department of Consumer and Business Services. In the case of a personal data breach, the data broker must notify the Office of the Secretary of State within 45 days of such breach.
The new regulator includes the following tasks:

  • Notify the Director, Office of the Secretary of State (Oregon Data Brokers)"
The following regulators were updated in this release.
Regulator Description
US
Montana (State Agencies) Updated the Resource Library to reflect the amendments on MCA 2-6-1501 and 2-6-1503. Updated the language of ”Notify Affected Individuals” task by adding notification methods, required content, and permitted delay. Changed the name of “Notify MT Chief Information Officer” task to “Notify MT CISO” and updated the language by adding the new online reporting link. Updated the language of “Notify MT AG” task by adding the contact information of Montana Attorney General Office.
SEC Updated the Resource Library to reflect 17 CFR Parts 229, 232, 239, 240, and 249: Securities and Exchange Commission Final Rule 2023. Added tasks "Notify Supervisory Authority (SEC)" and "Notify the Authority - Annual Report (SEC)" in order to reflect notification requirements for material cybersecurity incidents.
Asia
China Updated the URL of the Personal Information Protection Law of 2021 in the Resource Library and Tooltip. Updated the URL of the CAC director mailbox in the “Notify the Appropriate Regulatory Authorities or Ministries” task.
Indonesia Updated the URL of the Law on Personal Data Protection in the Resource Library and Tooltip.
South Korea Updated the URL of the Personal Information Protection Act (PIPA) and the Enforcement Decree of PIPA in the Resource Library and Tooltip.

We appreciate feedback on current legislation and guidance, whether it appears in our product or not. If you have any questions about the following updates or suggestions for future updates, contact your Customer Relationship Manager.

To learn more about how your peers are taking full advantage of the SOAR Platform, see the IBM Security QRadar SOAR Community.