Dominic jaar lexper kpmg casl

  • DJ: 2 min
    Gov: roles/responsibilities, policies and procedures
    Process (marketing (lead generation), what about each employee?)
    Tech: What are the best software. None at this stage (US-compliant) Not a technology, a process – tech is an enabler
    People: training and communication strategy, audit
  • DJ: 2 min
    Each of Gov, Proc, Tech and People are assessed
    Assessment completed by BU/Dept
  • Varies from industry to industry
    TSPs lead (perhaps because they know what it means to deal with the CRTC….)
    Followed by retail
    Technology and Media
    FS
    Energy
    ?Mining?
    ?Industrial and manufacturing?
    ?Public sector?
  • Should you have any question, please feel free to contact one of us.
    Thanks to all attendees and my co-panelists for joining us today.
    Website - which will be communicated via email)
    There will be an exit survey and we appreciate your
    ----------------
    Business opportunity within
    Opt-out

Dominic jaar lexper kpmg casl Presentation Transcript

  • 1. Canadian Anti-Spam Legislation Readiness, April 29th, 2014
  • 2. Compliance by Design
  • 3. © 2014 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 3
  • 4. Current Market Maturity
  • 5. CASL Maturity Levels
      • Level 1 (Non existent): The organization does not have any policy, procedure or system to comply with the Canadian Anti-Spam Legislation (CASL).
      • Level 2 (Ad hoc): The organization has compliance practices that are ill-defined and largely ad hoc in nature with regard to CASL.
      • Level 3 (In development): The organization is in the process of formalizing compliance measures for CASL.
      • Level 4 (Compliant & documented): The organization has set up documented compliance measures for CASL.
      • Level 5 (Measurable): The organization has measurable processes to ensure it is compliant with CASL and leverages them in a competitive fashion.
  • 6. Maturity Assessment Executive Summary
    The Capability Maturity Model outlines varying levels of organizational CASL-related governance, processes, technological and people maturity and the activities and traits per maturity level.
    Maturity levels shown: Non existent, Ad hoc, In development, Compliant and documented, Measurable.
    Traits listed on the slide:
      • Business and IT processes are optimized and strategically aligned with CASL.
      • Automated and preventative controls to protect and manage information assets are pervasive in the environment.
      • Compliance requirement exercises are routine and require minimal effort.
      • Tracked training and awareness.
      • Valued information is referenced when establishing communications and CASL strategies and decisions.
      • Enterprise communications metrics are defined, measured and subject to continuous improvement.
      • Active participant in external regulatory development and direction.
      • Complete integration with Governance, Risk and Compliance capabilities.
      • Communication channels are defined and the persons responsible for these are identified.
      • Processes and controls are well defined and align to the value and risk of communications in a CASL context.
      • Technology is utilized for key stages of CASL compliance.
      • Communications and CASL awareness programs are conducted regularly.
      • Business critical communications are used to support CASL decisions.
      • CASL metrics are defined and measured.
      • The organization understands the value and risk of select communications.
      • Strong controls are in place regarding commercial communications.
      • Content and consent validation for communications are defined and applied consistently across the enterprise.
      • Risk assessments and audits are performed to understand communication risks.
      • Management understands compliance requirements and their impacts on the organization’s communications.
      • Management establishes core capabilities to oversee governance initiatives.
      • Ownership of communication channels is informally defined.
      • Approach to communication channels as part of CASL compliance is limited to basic controls.
      • Limited process and controls documentation exists.
      • Management is aware of required organizational compliance mandates at a high level.
      • Management has recognized governance needs but has not provided full support.
      • Limited or no controls are in place for CASL and communications management.
      • Process and controls documentation is ad hoc and dispersed.
      • Management has minimal to no understanding of required organizational compliance mandates.
    Diagram labels: Time, Maturity, People, Technologies, Governance, Processes.
  • 7. Communications
    4. Which method(s) will your company use to send CEMs to third parties following July 1, 2014 (multiple choice):
      • Instant messaging
      • Text Message (SMS, MMS)
      • Other Personal or Instant Message (on a computer network)
      • Via other online services (e.g. web forums, portals)
      • Via social networks (e.g. Facebook, LinkedIn, etc.)
      • Email
  • 8. Exceptions
    Questions:
      • To what extent will your company rely on the “business card exception” (where the recipient’s electronic address was disclosed to the sender) implicit consent provision?
      • To what extent will your company rely on the “published electronic address” (where the recipient’s electronic address is “conspicuously published”) implicit consent provision?
      • To what extent will your company rely on the “existing business relationship” implicit consent to send CEMs?
    Answer options:
      • We will rely on it when we cannot assert an express consent
      • We will rely on it
      • We will rely on it and prefer it to express consent when we can
  • 9. Unsubscribe
    Will an unsubscribe mechanism be inserted at the end of all emails sent, whether or not it qualifies as a CEM?
      • Yes, only for emails sent from sales, marketing or similar departments or business units
      • Do not know
      • No
      • Yes, for emails sent by all employees
  • 10. Unsubscribe
    Will unsubscriptions cover all CEMs, or will a choice be offered to opt out from only selected CEMs?
    Response shares shown on the chart: 20%, 40%, 40%
      • It will depend on the particulars of the request (for ins
      • Unsubscriptions will cover only the type of communication
      • Unsubscriptions will cover all CEMs
  • 11. Unsubscribe
    How are unsubscribe requests currently mostly processed:
      • Do not know
      • No unsubscribe mechanism yet
      • Manually
      • Automatically
    How will unsubscribe requests be processed after July 1st, 2014? (multiple choice)
      • Do not know
      • No unsubscribe mechanism
      • Manually
      • Automatically
  • 12. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2014 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. Dominic Jaar Partner, KPMG Canada National Leader, Information Management Services (416) 777-8911 djaar@kpmg.ca