canna law blog

Cannabis Track and Trace Is A Disaster Waiting to Happen—and Not for the Reasons You Might Think

Most states’ regulated cannabis regimes require licensed cannabis companies to use seed-to-sale track-and-trace software. In California, the state has contracted the entire track-and-trace program to the METRC program. The METRC program isn’t yet fully implemented because many operators don’t yet have annual licenses. Our California cannabis attorneys frequently assist clients with track-and-trace compliance and preparation.

canna law blog

Selling Hemp Products to Europe? Welcome to the GDPR Nightmare.

Ever since the passage of the 2018 Farm Bill, our hemp lawyers have been getting a barrage of questions about the lawful status of hemp and hemp-derived cannabidiol (“Hemp CBD”) in the United States. The hemp laws appear to be changing in favor of a pro-hemp marketplace, but at a much slower pace than the

canna law blog

Data Breaches are Coming and Will Wreak Havoc in the Cannabis Industry

Virtually everyone knows about breaches of companies like Equifax. Massive breaches have happened to established, mega-companies who still took major reputational and monetary hits after they were breached. What many people don’t realize is that it doesn’t take a major breach to devastate a business. We don’t want to be dramatic, but we also don’t

canna law blog

Cannabis Cybersecurity: Information Security Standards in Oregon

Last week we discussed the data breach notification laws with which cannabis companies doing business in Oregon must comply following a cyber intrusion. Today, we discuss the safeguards these companies must adopt to protect the security, confidentiality and integrity of customers and employee (collectively, “Consumer”)’s personal information, who reside in Oregon. Pursuant to Oregon Revised

canna law blog

Oregon Cannabis: Data Breach Notification Laws 101

A few weeks ago, we mentioned that cannabis companies that fall victim to a data breach are required, under state law, to inform employees and customers whose data was compromised by the intrusion. However, not every stolen piece of information demands notification. This post further dives into these laws—all 50 states have now enacted breach

canna law blog

Cannabis Cybersecurity: Why Hacking Back is a Bad Idea

As I have discussed for the last two weeks, cannabis businesses have become increasingly vulnerable to cyberattacks. It is natural for a company victimized by data breaches to want to retaliate by hacking back. However, under current U.S. law, which is codified under the Computer Fraud and Abuse Act (“CFAA”), it is strictly prohibited to

canna law blog

Cannabis Data Security: How to React to a Cyberattack

As I discussed last week, hacked devices, breached networks, and stolen proprietary information have become commonplace in the cannabis industry. Because cybercrime variants are continually emerging, no company can achieve totally assured cybersecurity. Consequently, we strongly encourage all our clients to adopt a cyber incident plan for responding to attacks before they occur. Developing a

canna law blog

Cybercrime and Cannabis Businesses: The 101

To our surprise, many of our clients remain convinced that they are immune to cyberattacks. Yet, cannabis businesses house incredibly valuable information, making them exceedingly vulnerable to these attacks. This misplaced confidence has led numerous cannabis companies to operate without the necessary protective measures. Given the fact that more than 4,000 attacks occur daily, this