Privacy Level Agreement

Back to discussions
Expand all | Collapse all

Kind reminder of tomorrow's working group call!

  • 1.  Kind reminder of tomorrow's working group call!

    Posted Jul 31, 2023 08:29:00 AM

    Dear members,

    This is a kind reminder for tomorrow's WG call.

    Agenda:

    Regarding the  '2023_04_13_CPRA - PLA_CoP_Mapping (WiP)' document:

      New action items:

      • Isabella ( @Isabella Oldani) to update on the assessment made by chairs to rows 224 and 226.
      • Need volunteers to map the remaining red cells of CPRA provision to GDPR. The unmapped rows are: 261, 264, 267, 285-294. (Map column B (CPRA) to column C (GDPR))

      Document logic (color codes):

      The document shows the CCPA provisions after the CPRA changes applied to them: 

      In red cells are the new provisions introduced by the CPRA that didn't exist earlier. Here there is the need to do a new complete mapping to the GDPR as the specific provision appears for the first time.

      Green cells show that the specific provision is as before, and nothing has been added.

      Yellow cells indicate that the provision has been updated from its previous state, thus this GDPR mapping needs to be revised.

      • Column B are the CCPA/CPRA provisions,
      • Column C are the GDPR articles (some are already mapped to those CCPA/CPRA provisions from our previous work). 
      • Column D describes the type of provision. It only contains 2 kinds to choose from: Obligation or Definition and Procedures.
      • Column E is about the identified CSA Code of Conduct (CoC) controls that the cloud providers can check to show compliance with GDPR to their customers.
      • Column J: the name of the volunteer who wants and is working on the specific red cell provision. Mapping CCPA with GDPR for the red cells that are in scope.
      • How to work on the document:
        • E.g. Row 203: For 'Adv+Marketing', find the corresponding provision under GDPR, and fill it in column C, (use as another example to this one of the green cells that have the GDPR provision already filled in there). If there is no correspondence with GDPR, mark it as N/A. 
          • In column D include the 'Type of the provision', e.g. Definition and Procedures.
          • In order to avoid double work in the same row, each reviewer is requested to include their name next to the row they are working on, in column J.

      Next working group call:

      Date: Tuesday, August 1st

      Time: 08:00 a.m. PST / 11:00 EST / 16:00 GMT / 17:00 CET.

      URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

      Kind regards,
      Marina



      ------------------------------
      Marina Bregkou,
      Senior Research Analyst,
      CSA
      ------------------------------