Privacy Level Agreement

Dear members,

Please find the minutes from the last PLA WG call on the 26th of September:

Minutes:

Work in  '2023_04_13_CPRA - PLA_CoP_Mapping (WiP)' document:

The chairs addressed the comments made by the WG contributors regarding the yellow cells, column I.

Row 247, Louis suggested to add Art 6(1)(b) too but after discussing the WG agreed that article 4 covers all the definitions of personal information while article 6 (1) b, is more related to the processing activities to define something.

Previous Action items:

• Marina to go through the document and correct the content of columns I and J. Column J needs to contain the name and vote of the initial member revising a specific provision like it has been appointed on the WG call. Column I is where other members of the WG comment on agreeing/disagreeing about specific provision being mapped to the GDPR article it is. - DONE
• Chairs to revise row 266 by Verrion. - PENDING
  
• Yellow cells allocated to a WG member for next call: 
  • Row 43 to 49 allocated to Louis Pinault - DONE
    
  • Row 71: Mattia and Isabella - DONE
    
  • Rows 97-98: Chairs - DONE
    
  • Row 100-105: Louis Pinault - DONE
    
  • Row 108-111: chairs - DONE
    
  • Row 134 and 140: Chairs - DONE
    
  • Row 205-211, 223, 247: Louis Pinault - DONE
    
  • Row 265: Author to be defined - DONE (assigned to Rajat Dubey)
    
  • Row 328, and 356-358: chairs - DONE
    
  • Row 281-284: Author to be defined - DONE (assigned to Rajat Dubey)
    
  • Row 296-298: Author to be defined - DONE (task completed by Louis Pinault)
    
  • Row 306-315: Author to be defined - DONE (task completed by Louis Pinault)
    
  • Rows 364, 365: Author to be defined - DONE (task completed by Wei Cao)
    
  • Rows 432 to 449: Author to be defined - DONE (task assigned to Edwin Brockner)
    
  • Rows 463 to 478: Author to be defined - DONE (task completed by Raj Bajwa-Patel)

New action items:

• Chairs to revise row 266 by Verrion.
• Chairs to discuss comments in row 316, 316
• Rajat ( @Rajat Dubey) to review rows: 265, 281-284 and 367 to 369.
  
• Edwin ( @Edwin Brockner) to review rows: 436-449

*************************************************************************************************************************

Note: Document logic (color codes):

The document shows the CCPA provisions after the CPRA changes applied to them:

Yellow cells indicate that the provision has been updated from its previous state, thus this GDPR mapping needs to be revised.

Green cells show that the specific provision is as before, and nothing has been added.

In red cells are the new provisions introduced by the CPRA that didn't exist earlier. Here there is the need to do a new complete mapping to the GDPR as the specific provision appears for the first time.

Description of the second step being implemented:

• Working on step 2: Revision of YELLOW cells.
• Revise yellow cells and check if the GDPR mapping continues to be valid or needs to be updated. (columns B and C)
• Please put your names in column J when you have reviewed a provision. Column I is for commenting, and voting if you agree or don't agree with the mapping in addition to the initial commenter.
  Note: Highlighted in yellow are the cells containing previous CCPA provisions that have been amended under the CPRA (are now slightly changed to what they included before);

• • Column B are the CCPA/CPRA provisions,
  • Column C are the GDPR articles (some are already mapped to those CCPA/CPRA provisions from our previous work). 
  • Column D describes the type of provision. It only contains 2 kinds to choose from: Obligation or Definition and Procedures.
  • Column E is about the identified CSA Code of Conduct (CoC) controls that the cloud providers can check to show compliance with GDPR to their customers.
  • Column J: the name of the volunteer who is working on the specific cell provision.
    

********************************************************************************************************************************************************

To connect on the call tomorrow:

Time: 08:00 a.m. PST / 11:00 EST / 16:00 GMT / 17:00 CET.

URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

Kind regards,
Marina

------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------

Completed action items assigned to me for the call on October 10.

Dear members,

Please find the minutes from the last PLA WG call on the 26th of September:

Minutes:

Work in  '2023_04_13_CPRA - PLA_CoP_Mapping (WiP)' document:

The chairs addressed the comments made by the WG contributors regarding the yellow cells, column I.

Row 247, Louis suggested to add Art 6(1)(b) too but after discussing the WG agreed that article 4 covers all the definitions of personal information while article 6 (1) b, is more related to the processing activities to define something.

Previous Action items:

• Marina to go through the document and correct the content of columns I and J. Column J needs to contain the name and vote of the initial member revising a specific provision like it has been appointed on the WG call. Column I is where other members of the WG comment on agreeing/disagreeing about specific provision being mapped to the GDPR article it is. - DONE
• Chairs to revise row 266 by Verrion. - PENDING
  
• Yellow cells allocated to a WG member for next call: 
  • Row 43 to 49 allocated to Louis Pinault - DONE
    
  • Row 71: Mattia and Isabella - DONE
    
  • Rows 97-98: Chairs - DONE
    
  • Row 100-105: Louis Pinault - DONE
    
  • Row 108-111: chairs - DONE
    
  • Row 134 and 140: Chairs - DONE
    
  • Row 205-211, 223, 247: Louis Pinault - DONE
    
  • Row 265: Author to be defined - DONE (assigned to Rajat Dubey)
    
  • Row 328, and 356-358: chairs - DONE
    
  • Row 281-284: Author to be defined - DONE (assigned to Rajat Dubey)
    
  • Row 296-298: Author to be defined - DONE (task completed by Louis Pinault)
    
  • Row 306-315: Author to be defined - DONE (task completed by Louis Pinault)
    
  • Rows 364, 365: Author to be defined - DONE (task completed by Wei Cao)
    
  • Rows 432 to 449: Author to be defined - DONE (task assigned to Edwin Brockner)
    
  • Rows 463 to 478: Author to be defined - DONE (task completed by Raj Bajwa-Patel)

New action items:

• Chairs to revise row 266 by Verrion.
• Chairs to discuss comments in row 316, 316
• Rajat ( @Rajat Dubey) to review rows: 265, 281-284 and 367 to 369.
  
• Edwin ( @Edwin Brockner) to review rows: 436-449

*************************************************************************************************************************

Note: Document logic (color codes):

The document shows the CCPA provisions after the CPRA changes applied to them:

Yellow cells indicate that the provision has been updated from its previous state, thus this GDPR mapping needs to be revised.

Green cells show that the specific provision is as before, and nothing has been added.

In red cells are the new provisions introduced by the CPRA that didn't exist earlier. Here there is the need to do a new complete mapping to the GDPR as the specific provision appears for the first time.

Description of the second step being implemented:

• Working on step 2: Revision of YELLOW cells.
• Revise yellow cells and check if the GDPR mapping continues to be valid or needs to be updated. (columns B and C)
• Please put your names in column J when you have reviewed a provision. Column I is for commenting, and voting if you agree or don't agree with the mapping in addition to the initial commenter.
  Note: Highlighted in yellow are the cells containing previous CCPA provisions that have been amended under the CPRA (are now slightly changed to what they included before);

• • Column B are the CCPA/CPRA provisions,
  • Column C are the GDPR articles (some are already mapped to those CCPA/CPRA provisions from our previous work). 
  • Column D describes the type of provision. It only contains 2 kinds to choose from: Obligation or Definition and Procedures.
  • Column E is about the identified CSA Code of Conduct (CoC) controls that the cloud providers can check to show compliance with GDPR to their customers.
  • Column J: the name of the volunteer who is working on the specific cell provision.
    

********************************************************************************************************************************************************

To connect on the call tomorrow:

Time: 08:00 a.m. PST / 11:00 EST / 16:00 GMT / 17:00 CET.

URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

Kind regards,
Marina

------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------