Virtually everyone knows about breaches of companies like Equifax. Massive breaches have happened to established, mega-companies who still took major reputational and monetary hits after they were breached. What many people don’t realize is that it doesn’t take a major breach to devastate a business. We don’t want to be dramatic, but we also don’t
Unless you’ve been living under a rock for the past few months, you’ve probably read about the host of sweeping new laws in California, like its new Internet of Things law, cannabis privacy law, or net neutrality law, to name just a few. California has long been regarded a trailblazer when it comes to making
Two years ago, we published a series of posts about the cannabis industry’s embrace of the Internet of Things (“IoT”)—the network of physical objects connected through the Internet—for use in everything from garden sensors to dispensers. In that same series, we also discussed some of the potential legal risks and ramifications of using the IoT
Last week we discussed the data breach notification laws with which cannabis companies doing business in Oregon must comply following a cyber intrusion. Today, we discuss the safeguards these companies must adopt to protect the security, confidentiality and integrity of customers and employee (collectively, “Consumer”)’s personal information, who reside in Oregon. Pursuant to Oregon Revised
A few weeks ago, we mentioned that cannabis companies that fall victim to a data breach are required, under state law, to inform employees and customers whose data was compromised by the intrusion. However, not every stolen piece of information demands notification. This post further dives into these laws—all 50 states have now enacted breach
As I have discussed for the last two weeks, cannabis businesses have become increasingly vulnerable to cyberattacks. It is natural for a company victimized by data breaches to want to retaliate by hacking back. However, under current U.S. law, which is codified under the Computer Fraud and Abuse Act (“CFAA”), it is strictly prohibited to
As I discussed last week, hacked devices, breached networks, and stolen proprietary information have become commonplace in the cannabis industry. Because cybercrime variants are continually emerging, no company can achieve totally assured cybersecurity. Consequently, we strongly encourage all our clients to adopt a cyber incident plan for responding to attacks before they occur. Developing a
To our surprise, many of our clients remain convinced that they are immune to cyberattacks. Yet, cannabis businesses house incredibly valuable information, making them exceedingly vulnerable to these attacks. This misplaced confidence has led numerous cannabis companies to operate without the necessary protective measures. Given the fact that more than 4,000 attacks occur daily, this
