California Cannabis Dispensaries Dealing with New Data Privacy Protections

Last week, Assembly Bill 2402 was signed into law by California Governor Jerry Brown. The new legislation establishes new regulations that mandate new data privacy protections for customers of California cannabis dispensaries. Restrictions have been placed on how licensed cannabis retailers can share consumer information with third parties.

Third Party Sharing

No longer will California cannabis dispensaries be allowed to share extensive information about their clientele, however there are a couple of exceptions. Third party sharing is only allowed if the customer consents to share their personal data or the data is shared in connection with purchases.

AB 2402 also stipulates that California cannabis dispensaries are not allowed to discriminate against customers who do not consent to third party sharing. Refusing to serve consumers based on their decision to protect their information will be met with severe penalties.

Data Protection for Medical Patients

The bill will now serve as a safeguard for consumer privacy as their data will be protected by law. California cannabis dispensaries will not be permitted to disclose a customer’s first name, first initial or last name in association with their social security number, drivers license number, bank account number, or medical information.

Medical marijuana patients will receive increased privacy protection as AB 2402 expounds upon the definition of “medical information” as it pertains to medical marijuana identification cards. Under the new law, cannabis retailers that serve medical marijuana patients are considered health care providers and are subject to the Confidentiality of Medical Information Act.

What’s Next

With cannabis still illegal on the federal level, it’s no surprise that this type of legislation is being passed. These new data privacy protection may prove challenging for many California cannabis dispensaries, however they do have prior experience dealing with third-party sharing safeguards. AB 2402 only broadens the amount of information that is protected, so after increasing their data security and updating staff on the new standards it should be doable.

Fortunately, advanced dispensary point-of-sale systems, such as IndicaOnline, provide some of the best data security in the business. All patient and customer information is protected with two factor authentication, and 256-bit SSL encryption. Our POS system also tracks the actions of dispensary staff to see if they’ve viewed or accessed customer information.

While the bill has been signed, there has been no official announcement on when the law will take effect. California cannabis dispensaries can begin taking step to comply by reviewing their third-party share settings and training their staff.