Privacy Level Agreement

Back to discussions
Expand all | Collapse all

Meeting Minutes October 10th, 2023.

  • 1.  Meeting Minutes October 10th, 2023.

    Posted Oct 23, 2023 08:49:00 AM

    Dear members,

    Please find the minutes from the last PLA WG call on the 10th of October:

    Minutes:

    Work in  '2023_04_13_CPRA - PLA_CoP_Mapping (WiP)' document:

    The chairs addressed the comments made by the WG contributors regarding the yellow cells, column I.

    Previous Action items:

    • Yellow cells allocated to a WG member: 
      • Chairs to revise row 266 by Verrion. - DONE
      • Chairs to discuss comments in row 316.- DONE
      • Rajat to review rows: 265, 281-284 and 367 to 369. - DONE
      • Edwin to review rows: 436-449. - DONE

    New action items:

    • Chairs to review and address comments by Rajat in rows 265, 281-284 and 367 to 369.
    • Chairs to present the past initiatives in order to decide the goal of the mapping exercise just finalized.

    *************************************************************************************************************************

    Note: Document logic (color codes):

    The document shows the CCPA provisions after the CPRA changes applied to them:

    Yellow cells indicate that the provision has been updated from its previous state, thus this GDPR mapping needs to be revised.

    Green cells show that the specific provision is as before, and nothing has been added.

    In red cells are the new provisions introduced by the CPRA that didn't exist earlier. Here there is the need to do a new complete mapping to the GDPR as the specific provision appears for the first time.

    Description of the second step being implemented:

    • Working on step 2: Revision of YELLOW cells.
    • Revise yellow cells and check if the GDPR mapping continues to be valid or needs to be updated. (columns B and C)
    • Please put your names in column J when you have reviewed a provision. Column I is for commenting, and voting if you agree or don't agree with the mapping in addition to the initial commenter.
      Note: Highlighted in yellow are the cells containing previous CCPA provisions that have been amended under the CPRA (are now slightly changed to what they included before);
      • Column B are the CCPA/CPRA provisions,
      • Column C are the GDPR articles (some are already mapped to those CCPA/CPRA provisions from our previous work). 
      • Column D describes the type of provision. It only contains 2 kinds to choose from: Obligation or Definition and Procedures.
      • Column E is about the identified CSA Code of Conduct (CoC) controls that the cloud providers can check to show compliance with GDPR to their customers.
      • Column J: the name of the volunteer who is working on the specific cell provision.

    ********************************************************************************************************************************************************

    To connect on the call tomorrow:

    Time: 08:00 a.m. PST / 11:00 EST / 16:00 GMT / 17:00 CET.

    URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------