Dear members,
Below you can find the meeting minutes from our working group call on the 2nd of March as the call on the 14th of March was canceled:
- Discussion took place on the possibility of the PLA working group collaborating with the Privacy by Design sub-group of the DevSecOps WG.
- There is a call scheduled for tomorrow (Wednesday 23 March) at 08:00 a.m. PST / 11:00 EST / 16:00 GMT / 17:00 CET.
(Join Zoom Meeting: https://cloudsecurityalliance.zoom.us/j/85625718448?pwd=b3h2dDdHVjVLeDlyZTRuTUlORnR3UT09, Passcode: 318287)
- The working group has finalized the multi-phase exercise for the 'CSA Code of Conduct for GDPR Compliance amendments document for CCPA compliance' for CSPs.
- The addendum to the CSA Code of Conduct (CoC) was finalized (document in .word form). This resulted in the new Annex10 in the CoC. A new additional sheet/tab was attached to self-attestation form CSPs should submit (PLA CCPA (Annex10), excel document). These are the amendments made to the CoC controls in order to cover the gaps with the CCPA.
- The possibility to update this exercise considering the latest changes to the CCPA in light of the CPRA and other legislation that has come out in the meantime, was mentioned.
- The above mentioned work is now open for peer review commenting and feedback, and will stay open until April 10.
- The CNIL has finally provided feedback about the revision of the main Code of Conduct. CNIL suggested to revise the control on Data Transfers. The WG will need to stay alert regarding developments on the successor of the Privacy Shield and data transfers to the U.S.
Next working group call:
Date: Tuesday, 28th March
Time: 09:00 a.m PST / 12:00 p.m. EST / 17:00 CET.
URL: https://zoom.us/j/346875696?pwd=d0Y5YlNDbmdldnY3UEJaTTYyci8vZz09 (Meeting ID: 346 875 696, Password: 442986)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------