What Cannabis Companies Need to Know About Data Security

Michael C. McQueeny, Chair of Genova Burns’ Cannabis Law practice group, and Matthew S. Oorbeek of the firm’s Privacy, Cyber & Data Security practice, have co-authored an article entitled “What Cannabis Companies Need to Know About Data Security” for the Insiders Guest Column in NJ Cannabis Insider.

The authors remark that, “… everyone knows of the large data breaches, the one thing that … large multinational companies share with state and regional cannabis companies is the reality that all are prey to data breaches. The notable difference, however, is that while Home Depot, Target, and Sony may have the market cap sufficient to absorb losses stemming from it, ATCs (alternative treatment centers) do not. Companies should not take solace in the hope that hackers will merely bypass them for these larger targets. Smaller companies, and even cannabis companies, can and have been hacked and subject to data breaches in the past.”

The article points out that, while “Data privacy laws only continue to evolve and expand in scope” readers should “remember, obligations create opportunities for new cannabis industry entrants to stand out.”

The authors go on to explain how one can make their application stand out, saying, “not only meeting, but exceeding any regulatory requirement is part of what makes a winning application. Demonstrating compliance not only with a physical and operational security plan, but also a data security plan, will not only position such applicants for success in its application, but, more importantly, its operations.”