Most states’ regulated cannabis regimes require licensed cannabis companies to use seed-to-sale track-and-trace software. In California, the state has contracted the entire track-and-trace program to the METRC program. The METRC program isn’t yet fully implemented because many operators don’t yet have annual licenses. Our California cannabis attorneys frequently assist clients with track-and-trace compliance and preparation.

cannabis data breach
Cannabis businesses may be especially vulnerable.

Virtually everyone knows about breaches of companies like Equifax. Massive breaches have happened to established, mega-companies who still took major reputational and monetary hits after they were breached. What many people don’t realize is that it doesn’t take a major breach to devastate a business.

cannabis marijuana IOT
Cannabis things included.

Two years ago, we published a series of posts about the cannabis industry’s embrace of the Internet of Things (“IoT”)—the network of physical objects connected through the Internet—for use in everything from garden sensors to dispensers. In that same series, we also discussed some of the potential

oregon marijuana cannabis data securityLast week we discussed the data breach notification laws with which cannabis companies doing business in Oregon must comply following a cyber intrusion. Today, we discuss the safeguards these companies must adopt to protect the security, confidentiality and integrity of customers and employee (collectively, “Consumer”)’s personal information, who reside in Oregon.

Pursuant to Oregon Revised

oregon marijuana data breach cyberA few weeks ago, we mentioned that cannabis companies that fall victim to a data breach are required, under state law, to inform employees and customers whose data was compromised by the intrusion. However, not every stolen piece of information demands notification. This post further dives into these laws—all 50 states have now enacted breach

Hacking back isn’t the answer, unfortunately.

As I have discussed for the last two weeks, cannabis businesses have become increasingly vulnerable to cyberattacks. It is natural for a company victimized by data breaches to want to retaliate by hacking back. However, under current U.S. law, which is codified under the Computer

cannabis marijuana cyber attack security
Be prepared!

As I discussed last week, hacked devices, breached networks, and stolen proprietary information have become commonplace in the cannabis industry. Because cybercrime variants are continually emerging, no company can achieve totally assured cybersecurity. Consequently, we strongly encourage all our clients to adopt a cyber incident plan for responding

cannabis cybercrime
Protect your business and its data from theft.

To our surprise, many of our clients remain convinced that they are immune to cyberattacks. Yet, cannabis businesses house incredibly valuable information, making them exceedingly vulnerable to these attacks. This misplaced confidence has led numerous cannabis companies to operate without the necessary protective