Privacy Level Agreement

Meeting Minutes May 9th, 2023.

  • 1.  Meeting Minutes May 9th, 2023.

    Posted May 19, 2023 06:25:00 AM

    Dear members,

    On our last working group call on the 9th of May we discussed the new document the chairs have created regarding the provisions of CPRA that have to do with the CCPA.
    More specifically our new document of work, contains the study of the CCPA as amended by the CPRA.

    • The remarks the WG chairs have made include:
      • In column B (excel document, Tab: CPRA-PLA_CoC Mapping), highlighted in green are the cells containing provisions that have not changed (these provisions haven;t changed under CPRA and the working group is not making any action here);
      • Highlighted in yellow are the cells containing provisions that have been amended under the CPRA (slightly changed to before);
      • Highlighted in red are the cells which contain new provisions (provisions that didn't exist before under CCPA). Please note: For the cells in red, flagged as "Out of Scope" (column F) are the provisions that in the chairs opinion do not create specific obligations for CSPs which act as Processors/Service Providers and that can therefore be excluded from the future mapping exercise (if the group agrees with this first assessment!).

    Previous action items:

    • Working group members to please review from new document '2023_04_13_CPRA - PLA_CoP_Mapping (WiP)':
      • Column F (Tab: CPRA-PLA_CoC Mapping) in relation to red cells as to verify whether the group agrees on excluding the cells that the chairs have identified as "Out of Scope" from the future mapping exercise (if so, these cells and related rows can be hidden from the Excel file). - Done

    Mark reviewed columns B and F for the red cells and disagreed with line 203 (Advertising and Marketing) as being out-of-scope. After discussing 203 changed to 'In-scope'.
    Same for line 224 (Consent), it has been marked as 'In-scope'.

    New action items:

    • Working group to revise all the red cells that are in-scope, and perform a gap analysis for columns D and E as a start. 
    • E.g. Row 203: For 'Adv+Marketing', find the corresponding provision under GDPR, and fill it in column D, (use as another example to this one of the green cells that have the GDPR provision already filled in there). If there is no correspondence with GDPR, mark it as N/A. 
      • In column E include the 'Type of the provision', e.g. Definition and Procedures.
      • In order to avoid double work in the same row, each reviewer is requested to include their name next to the row they are working on, in column C.

    Next working group call is scheduled for Tuesday, 23 May at 16:00 GMT/ 17:00 CET / 08:00 a.m. PST.

    URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------