A new law in California aims to give legal weed consumers an added layer of security. Assembly Bill 2402 was just signed into law. As a result, data about adults who purchase recreational cannabis in the Golden State will be kept secure under a new set of legal protections.
A New Law for Better Security
On Thursday, Governor Jerry Brown signed the bill into law. As per the terms of the new law, the rereational cannabis industry will now be subject to the same privacy laws as the medical marijuana industry.
It’s important to note that California’s medical marijuana industry already has a relatively strong set of security laws. That’s largely because, in California, data related to medical marijuana is considered standard medical information.
And that means that it must all be kept safe, private, and secure. For example, when a patient buys medical cannabis, their data cannot be sold or shared. It’s the same as any other type of medical records.
And now, thanks to California’s new law, recreational consumers will now enjoy the same level of privacy.
But that privacy doesn’t extend to all scenarios. In particular, local news sources said there are two key exceptions to the new privacy rules.
For one, marijuana companies can share customer data as part of payment processing protocols.
And second, cannabis businesses will still be allowed to share customer information with government officials who are carrying out official duties. Not surprisingly, that includes cops.
In addition to extending protections to the recreational side, the new law also clarifies a key point in California’s medical marijuana laws.
According to the new law, “all personal information of medical cannabis users is kept confidential by deeming identification cards issued to medical cannabis users to be ‘medical information’ under state law and therefore protected from unauthorized disclosure.”
Legal Weed and Consumer Data
Questions related to cannabis consumer data, information, and privacy have become increasingly important. And so far, these have been somewhat overlooked aspects of the legal weed industry.
To date, there is no single law about what marijuana companies can and cannot do with customer data. Instead, such laws are created and implemented on a state-by-state basis. That should not be surprising, given that all marijuana laws are state-specific.
Prior to California’s new law, there was not much of a framework in place to protect consumer data in the recreational space.
According to Politifact, California requires all dispensaries to check for legal ID before selling to a customer. As far as the law was concerned, the ID check was simply to ensure that a customer was at least 21 years old.
But beyond that, it was anyone’s guess what happened to customer information. Before this week’s changes, the state did not require dispensaries to store customers’ information. But the state also did not forbid businesses from keeping data.
This presented a potential loophole. Theoretically, businesses could keep customer data and use it for other purposes.
But now, it appears as if California has addressed this possible legal gap. Moving forward, recreational customers should enjoy a higher degree of consumer protections when it comes to data security and privacy.
