Privacy Level Agreement

Meeting Minutes June 20, 2023.

    Posted Jul 07, 2023 02:28:00 PM

    Dear members,

    Below you can find the meeting minutes from our WG's call on the 20th of June.

    Thank you to my colleague @Lefteris Skoutaris for replacing me on the 20th.

    Our 4th of July call didn't take place.

    Next WG call: Tuesday, 11 July 2023.

    Minutes:

    Isabella did an introduction of the document for the new members joining the call.

    • Column B contains the CCPA provisions.
    • Column C contains the GDPR articles mapped to those provisions from our previous work.
    • Column E is about the identified CSA Code of Conduct (CoC) controls that the cloud providers can check to show compliance with GDPR to their customers.

    Document logic (color codes):

    After the CPRA changes to the CCPA, the red cells present the new provisions introduced by the CPRA.

    Green cells show that the specific provision is as before, and nothing has been added.

    Yellow cells indicate that the provision has been updated from its previous state, thus this GDPR mapping needs to be revised.

    Step 1: Focusing on column B: Review the red cells – Identify the corresponding provision of CCPA with GDPR: Complete column C that represents the obligations raised for the cloud provider towards their clients.

    The ones that are flagged as Out-of-Scope are the ones that the chairs have flagged as out of scope.

    Step 2: Work on column C: Work on red cells that are marked as in-scope and identify the GDPR provision (column C) that corresponds to the CCPA (column B). Please look at the example in rows 25 and 26.

    Step 3: Yellow cells: Revise the old mapping from previous work the WG has done (column C) and check/verify/revise if the gap analysis in column G is correct or needs to be updated, now that these provisions colored in yellow have been updated from the CPRA. Add your comments for this opinion in column J.

    Column J: the name of the volunteer who wants and is working on the specific provision. Mapping CCPA with GDPR for the red cells that are in scope, revise, and update (if necessary) the GDPR mapping for the yellow cells.

    Previous action items:

    • Marina to send out a 'call for participation' for new volunteers to help with the work, on the new document '2023_04_13_CPRA - PLA_CoP_Mapping (WiP)': - DONE
    • Mark Vinkovits has been assigned 10 controls to map to GDPR and fill columns D and E (respectively rows: 22, 23, 24, 25, 26, 147, 197, 198, 199, 200) - Partially done.

    New action items:

    • Mark Vinkovits (@Mark Vinkovits) to address comments and notes made on rows 22 and 24.
    • Working group to focus on the red cells that are white in column G. That means that they have been identified as In-scope by the WG chairs and need to be mapped to GDPR.

    • How to work on the document:
      • E.g. Row 203: For 'Adv+Marketing', find the corresponding provision under GDPR and fill it in column D (as another example, use one of the green cells that already have the GDPR provision filled in). If there is no correspondence with GDPR, mark it as N/A.
        • In column E include the 'Type of the provision', e.g. Definition and Procedures.
        • In order to avoid double work in the same row, each reviewer is requested to include their name next to the row they are working on, in column C.

    Next working group call is on Tuesday 11 July, at 08:30 a.m. PST / 11:30 EST / 16:30 GMT / 17:30 CET.

    URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------