Privacy Level Agreement

Kind reminder of tomorrow's working group call!

    Posted Jul 10, 2023 03:15:00 PM

    Dear members,

    This is a kind reminder of our working group call scheduled for tomorrow, Tuesday 11 July, at 08:30 a.m. PST / 11:30 EST / 16:30 GMT / 17:30 CET.

    Action items for tomorrow:

    • Mark Vinkovits (@Mark Vinkovits) to address comments and notes made on rows 22 and 24.
    • Working group to focus on the red cells that are white in column G. That means that they have been identified as In-scope by the WG chairs and need to be mapped to GDPR.

    Document logic (color codes):

    After the CPRA changes to the CCPA: New provisions (after the CPRA change to CCPA), the red cells present the new provisions introduced by the CPRA.

    Green cells show that the specific provision is as before, and nothing has been added.

    Yellow cells indicate that the provision has been updated from its previous state, thus this GDPR mapping needs to be revised.

    Step 1: Focusing on column B: Review the red cells – Identify the corresponding provision of CCPA with GDPR: Complete column C that represents the obligations raised for the cloud provider towards their clients.

    The ones that are flagged as Out-of-Scope are the ones that the chairs have flagged as out of scope.

    Step 2: Work on column C: Work on red cells that are marked as in-scope and identify the GDPR provision (column C) that corresponds to the CCPA (column B). Please look at the example from rows 25 and 26.

    Step 3: Yellow cells: Revise the old mapping from previous work the WG has done (column C) and check/verify/revise if the gap analysis in column (G) is correct or needs to be updated, now that these provisions colored in yellow have been updated from the CPRA. Add your comments for this opinion in column J.

    Column J: the name of the volunteer who wants and is working on the specific provision. Mapping CCPA with GDPR for the red cells that are in scope, revise, and update (if necessary) the GDPR mapping for the yellow cells.

    • Column B are the CCPA provisions,
    • Column C are the GDPR articles mapped to those provisions from our previous work. 
    • Column E is about the identified CSA Code of Conduct (CoC) controls that the cloud providers can check to show compliance with GDPR to their customers.
    • How to work on the document:
      • E.g. Row 203: For 'Adv+Marketing', find the corresponding provision under GDPR, and fill it in column D (use as another example to this one of the green cells that have the GDPR provision already filled in there). If there is no correspondence with GDPR, mark it as N/A.
        • In column E include the 'Type of the provision', e.g. Definition and Procedures.
        • In order to avoid double work in the same row, each reviewer is requested to include their name next to the row they are working on, in column J.

    To connect on the call tomorrow:

    URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------