Privacy Level Agreement

Back to discussions
Expand all | Collapse all

Meeting Minutes August 1st, 2023.

  • 1.  Meeting Minutes August 1st, 2023.

    Posted Aug 14, 2023 12:39:00 AM

    Dear members,

    Please find below the minutes form our last call on the 1st of August:

    Minutes:

    The working group went through the  '2023_04_13_CPRA - PLA_CoP_Mapping (WiP)' document. The chairs had reviewed the mapping done in column C (for the rest of the rows of the red cells) and provided their feedback which was then discussed with the group and finalized.

    Previous action items:

    • Isabella to update on the assessment made by chairs to rows 224 and 226. - DONE
    • Need volunteers to map the remaining red cells of CPRA provision to GDPR. The unmapped rows are: 261, 264, 267, 285-294. (Map column B (CPRA) to column C (GDPR)) - DONE

    New action items:

    • Working group to start step 2: Revise yellow cells and check if the GDPR mapping continues to be valid or needs to be updated. (columns B and C)
    • Please put your names in column I when you have reviewed a provision. Column J is for commenting, voting if you agree or don't agree with the mapping.
      Note: Highlighted in yellow are the cells containing previous CCPA provisions that have been amended under the CPRA (are now slightly changed to what they included before);

    Document logic (color codes):

    The document shows the CCPA provisions after the CPRA changes applied to them: 

    Green cells show that the specific provision is as before, and nothing has been added.

    Yellow cells indicate that the provision has been updated from its previous state, thus this GDPR mapping needs to be revised.

    • Column B are the CCPA/CPRA provisions,
    • Column C are the GDPR articles (some are already mapped to those CCPA/CPRA provisions from our previous work). 
    • Column D describes the type of provision. It only contains 2 kinds to choose from: Obligation or Definition and Procedures.
    • Column E is about the identified CSA Code of Conduct (CoC) controls that the cloud providers can check to show compliance with GDPR to their customers.
    • Column J: the name of the volunteer who wants and is working on the specific red cell provision. Mapping CCPA with GDPR for the red cells that are in scope.

    In red cells are the new provisions introduced by the CPRA that didn't exist earlier. Here there is the need to do a new complete mapping to the GDPR as the specific provision appears for the first time.

    Next working group call:

    Date: Tuesday, August 22

    Time: 08:00 a.m. PST / 11:00 EST / 16:00 GMT / 17:00 CET.

    URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------