Privacy Level Agreement

Kind reminder of tomorrow's working group call!

    Posted Dec 04, 2023 05:32:00 AM

    Dear members,

    This is a kind reminder of our PLA working group call scheduled for tomorrow, Tuesday, 5 December at 08:00 a.m. PT / 11:00 a.m. ET / 17:00 CET.

    Agenda:

    • New document with "CPRA - PLA_CoC Mapping" tab (with the green label), while the other tabs are included in the file as a reference.
    • Working from column E and onward: Identify the corresponding requirement under the Code of Conduct:

      • For the red cells (in scope): Complete columns D, E, F, G and H by doing the same mapping exercise under CCPA but this time under CPRA, i.e. the GDPR Code of Conduct controls (column C) meet the CPRA requirements. (Please therefore ignore all RED cells that have been marked, in Column C, as "Out of Scope".)
        1. Those who would like to contribute to this work can insert their name in Column I (and therefore become a "Reviewer");
        2. The Reviewer will then need to complete Column E by identifying the relevant Control (of the CSA CoC) that would allow CSPs to comply with the obligations stemming from the relevant CCPA provisions identified in Columns B and C. This can be done by first checking the tab "PLA Annex 10" of the Excel document. Possible outcomes:
        • If a corresponding Control can be found in tab "PLA Annex 10", this Control can be added in Column E (by also adding "PLA – Annex 10" in brackets) and Column F can be completed with "No Gap";
        • If a corresponding Control cannot be found in tab "PLA Annex 10", the Reviewer should then check the "PLA Code of Practice (CoP) v4.1" tab of the Excel file:
          • If a corresponding Control is found in this tab, this Control can be added in Column E and Column F can be completed with "No Gap";
          • If a corresponding Control is found in this tab but the identified Control would not allow CSPs to fully comply with the obligations stemming from the relevant CCPA provisions identified in Columns B and C, this Control can be added in Column E and Column F can be completed with "Partial Gap";
          • If no corresponding Control can be found in this tab, Column F can be completed with "Full Gap".
        3. The Reviewer should then briefly summarize the results of their analysis in Column G;
        4. Lastly, in case Column F has been completed with "Full" or "Partial Gap", the Reviewer should identify the proposed compensating Control in Column H.

          Please note that the chairs have already completed row 22 of the "CPRA - PLA_CoC Mapping" tab as a reference for the group on how we would proceed.

      • Lastly, please also note that the group can also use as a reference the work that has been done in tab "CCPA - PLA_CoC Mapping (for pub)" of the Excel file, which was developed before the CPRA came into force (we now need to do the same exercise in relation to the amended text of the CCPA).

    Action items:

    • Louis (@Louis Pinault) to work on rows 23, 24, 25, 42.

    • Rajat (@Rajat Dubey) to work on rows 115, 116, 147, 197, 198.

    • Unassigned red cells for the mapping of the CPRA to the GDPR: 199 to 202, 214, 215, 228 to 234, 263, 266, 269, 287 to 299, 304 to 309.

       

    URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------