Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Unique Cyber Risks Faced By the Cannabis Industry
All companies face cybersecurity threats, but the legalized cannabis industry's storage of personally identifiable information and reliance on seed-to-sale tracking software can place it firmly within hackers' crosshairs.
To be sure, despite currently being prohibited from storing cash in banks, some cannabis entities do process valuable personally identifiable information (PII).
"Just because there's more physical cash than electronic transactions, doesn't necessarily make these companies less of a target for hackers," wrote Robinson & Cole associate and data privacy and cybersecurity associate Kathryn Rattigan in an email. "Most of the point-of-sale systems automatically report to the state's compliance tracking system, which might include the individual's name, birth date and contact information based on the scanning of a driver's license or state-issued ID card."
Rattigan noted such data could be targeted by cybercriminals, including "ethical hackers" who don't agree with the legalization of cannabis and seek to expose consumers.
Indeed, there have already been hacks of some cannabis platforms containing personal data, including Pennsylvania-based seed-to-sale software MJ Freeway's reported hack in 2018 and security breach in 2017.
When any vendor is under siege, clients' work may be disturbed, but this disruption may be more acute in the cannabis industry given some states' required usage of seed-to-sale software.
"If MJ Freeway goes down, which it does, all marijuana sells comes to a grinding halt," said Steve Schain, a senior attorney at cannabis and hemp law firm Hoban Law Group.
While such an operational disturbance is generally out of clients' hands, Harris Bricken data security attorney Griffen Thorne said most legalized marijuana companies have a higher cyber risk for two reasons. For one thing, many of the startups aren't investing in cybersecurity, he said. In addition, cannabis "companies may be more unwilling to report incidents to the FBI or local law enforcement compared to other industries, that may be a thought cyber attackers have."
Still, while cannabis manufacture Natura Life + Science business development director Manndie Tingler noted that stolen PII is a concern, she said the cannabis industry's top threat is copyright infringers.
"A lot of this is right now coming in the form of a lot of people having counterfeit products including batch number falsification and stealing their copyrighted material and a lot of it is coming from the illicit market," Tingler said.
As cannabis companies attempt to combat bad actors, most won't find data privacy or cybersecurity guidance or requirements in the laws permitting the sale or use of marijuana. Instead, companies are regulated by states' data breach notification laws and possibly the California Consumer Privacy Act (CCPA) when it goes into effect Jan. 1, 2020, if they fall under that law's requirements.
"I think a lot of these companies are moving toward digital, at least some part of the company, and most likely the CCPA will apply to them," Thorne noted.
*****
Victoria Hudgins is a reporter for Legaltech News, an ALM sibling of Cybersecurity Law & Strategy, where she covers national and international legal tech innovations and developments. She can be reached at [email protected].
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
How Secure Is the AI System Your Law Firm Is Using?
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
COVID-19 and Lease Negotiations: Early Termination Provisions
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
Authentic Communications Today Increase Success for Value-Driven Clients
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.