There’s no denying that the cannabis industry is booming, and over the next few years, it’s expected to continue growing at a rapid rate. However, most states are starting to increase their expectations and oversight of cannabis businesses, aiming to ensure consistency in the end product and in the operations leading up to its development and sale. For existing cannabis businesses, it’s challenging to keep up with increasingly stringent regulations and laws. Unfortunately, even after you’ve obtained your license, record-keeping and reporting need to continue in order to ensure compliance throughout all day-to-day operations.
It’s not enough to follow all of the rules until you’ve obtained your license. Regulatory compliance needs to be treated as an ongoing project to maintain your license. So what do you need to know about regulatory compliance to avoid potential fines resulting from an audit? Here are two of the main laws you should be aware of when it comes to protecting customer information:
California AB-2402 Cannabis: Personal Information
On September 20, 2018, AB-2402 was signed into law to ensure cannabis licensees protect the personal information of their customers. This law states that all cannabis licensees must:
Personal information refers to an individual’s first name or initial and last name in combination with one or more of the following:
Under this law, marijuana identification cards are categorized as “medical information”, meaning they fall under the CMIA (California’s Confidentiality of Medical Information Act). Those who receive marijuana identification cards are considered “providers of healthcare” for the purpose of complying with the CMIA, meaning penalties for improper use and disclosure of medical information may be imposed.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is an information security standard that applies to all organizations that handle branded credit cards. The standard was created to help reduce the risk of credit card fraud, and its requirements are organized into six groups. The six groups are as follows:
Complying with regulations relating to data security requires an experienced technology partner that knows and understands the cannabis industry. It’s vital to have enterprise-grade security measures above and beyond cameras to monitor your location. You need intrusion detection software, encryption, web content filtering, and more to keep the private information of your customers safe.
Veo Verde is your go-to team of cannabis information technology experts. Call (831) 272-0669 to get started with us.