Privacy Level Agreement
This group monitors the legal and regulatory landscape and performs research in the area of privacy and data protection compliance for cloud computing services at a global scale. Currently the group is working to extend the scope of the GDPR Code of Conduct in order to satisfy the data protection/privacy requirements in other relevant countries/states.
In most aspects of the collection, use or processing of personal data, privacy and security functions overlap or coexist to some extent and at times use similar tools. Privacy and security professionals should regularly communicate to ensure that they understand each other’s responsibilities, needs, capabilities, and limitations; and keep track of the changes to the ecosystem in which the personal data is used by their organization. They also need to ensure that their efforts complement, and do not conflict with, each other, so that they can enable their organization to meet its objectives in the most efficient and cost-effective, manner.
Data protection compliance is becoming increasingly risk-based. Data controllers and processors are accountable for determining and implementing in their organisations appropriate levels of protection of the personal data they process. In such a decision, they have to take into account factors such as state of the art of technology; costs of implementation; and the nature, scope, context and purposes of processing; as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. To help address these challenges CSA created the CSA Code of Conduct for GDPR Compliance. It aims to provide Cloud Service Providers (CSPs) and cloud consumers a solution for GDPR compliance and to provide transparency guidelines regarding the level of data protection offered by the CSP. The code can be used to submit a self-assessment to the CSA STAR Registry.
CSA also offers a course that trains lead auditors & consultants in the CSA GDPR Code of Conduct and the CSA GDPR Certification. This training is led by Prof. Dr. Paolo Balboni (Founding Partner of ICT Legal Consulting). You can learn more about this course here
Working Group Leadership
Founding Partner of ICT Legal Consulting, President of the European PrivacyAssociation Professor of Privacy, Cybersecurity, and IT Contract Law at theEuropean Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law.
Paolo Balboni (qualified lawyer admitted to the Milan Bar) is a FoundingPartner of ICT Legal Consulting (ICTLC),a law firm with offices in Milan, Bologna, Rome, an International Desk inAm...
Chief Technology Officer, CSA
Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...
Working Group Co-Chairs
Martim Taborda Barata
Martim is a Partner at ICTLC – an international law firm specializing in information and communication technology, privacy, data protection/security, and intellectual property law – having accumulated over 5 years of practical experience in these areas throughout his career. His primary focus is managing privacy and data protection compliance strategies for multinational clients (including organizations in the courier and mail delivery, fin...
|Publications in Review||Open Until|
|HSM-as-a-Service Use Cases, Considerations, and Best Practices||Dec 09, 2023|
|Glossary of Data Security Terms||Dec 28, 2023|
Who can join?
Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.
What is the time commitment?
The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.
Open Peer Reviews
Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.
HSM-as-a-Service Use Cases, Considerations, and Best Practices
Open Until: 12/09/2023
The scope of this document is to provide a general overview of Hardware Security Module (HSM) as a Service as a cloud servi...
Glossary of Data Security Terms
Open Until: 12/28/2023
The Glossary of Data Security Terms identifies terms relevant to data security to understand and comprehend the topic, whic...