Most Read Contributor in United States, February 2017
Data privacy and the cannabis industry. The growing intersection
of the two is yet another sign that cannabis has come a long way
from the black market. As more states legalize cannabis for medical
and recreational purposes, and the industry faces greater
regulation and tracking, data privacy becomes increasingly
important in the cannabis world.
The cannabis industry is the fastest-growing industry in
America. By 2020, legal cannabis sales are expected to exceed $21
billion. So it should come as no surprise that technology companies
are now staking claim to the action. A number of software
developers from small shops to Microsoft are developing various
compliance and other software tools to keep up with the
ever-shifting landscape of state-by-state marijuana regulations and
related federal policy changes. And with such heavy regulation and
tracking comes the collection and storage of personally
identifiable information (PII) and other sensitive information.
Flowhub, a Denver-based start-up founded in 2015, for instance,
offers a mobile device for scanning RFID plant tags, a
point-of-sale (POS) system for dispensaries, and a cloud-based
software-as-a-service (SaaS) platform. Its POS system automatically
reports to states' compliance tracking systems using
application programming interfaces (APIs). All daily sales data can
be uploaded automatically into the state's database in one
step. Dispensaries can have their customers' ID's scanned
for birth date and state of residency, checking them into the
system, and confirming what they can buy based on state-specific
regulations that have been entered into the system. In essence, the
goal is to track every plant, product, and person associated with
the production and sale of marijuana, all the while maintaining
legal compliance. A veritable PII hot spot.
Tech-giant Microsoft has also announced that it is working with
Los Angeles-based start-up Kind Financial on software that will
help state governments track the legal marijuana business and
ensure compliance. Microsoft has offered up its Azure cloud
platform, a suite of cloud services designed to meet the stringent
security requirements of government agencies, including the U.S.
Department of Defense. Microsoft's heavily publicized move into
the cannabis industry no doubt signals a trend towards cloud
operations for the cannabis industry, implicating data privacy and
security issues for years to come.
As the cannabis business keeps booming, and tech meets cannabis
in still other areas—e-commerce, mobile and on-demand,
advertising technology—data privacy will play a starring
role. Cannabis businesses should consider implementing privacy
policies if they have not already done so. They should also ensure
that they have proper, up-to-date security measures in place,
including data-breach response plans in the event of a cyberattack
and adequate employee training about the importance of security.
The cannabis industry has a long, promising road ahead, and for
better or worse, data privacy is along for the ride.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A March 2 article in Bloomberg BNA's Privacy Law Watch and other publications, "Privacy and Security Audits May Be Moving From Education to Enforcement," reported that the Department of Health and Human Services' Office for Civil Rights' (OCR's) ongoing HIPAA privacy and security audits may be shifting focus from provider education to enforcement.
It's been a couple of months since the dust has settled from FDA's October 26, 2016 approval of Mylan Pharmaceuticals Inc.'s ANDA 078276 for a generic version of Daiichi Sankyo Inc.'s BENICAR Tablets...
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).