Cannabis companies are not thinking enough about potential threats to their data and the information of their clients, a cybersecurity expert claims.
In a talk during the 2020 edition of the Vancouver Lift & Co. (TSXV:LIFT,OTCQB:LFCOF) Cannabis Expo, Hanna Shanes, chief compliance officer at 365 Cannabis, told the audience that, as data becomes a more urgent item in the cannabis industry, companies should spend more time and resources on protecting it.
Following her panel, Shanes told the Investing News Network (INN) that currently she gets the sense that data protection measures and standards are a low priority for the cannabis companies she’s talked to.
“I think the bigger organizations are thinking of it, but I think that often the impetus for them taking action is either a consumer inquiry, in which case it’s nearly too late, or it’s an audit for some of these publicly traded companies (that) is the first moment that they realize they have to get real about security and privacy,” she explained.
Shanes’ firm, Colorado-based 365 Cannabis, offers customers software solutions designed for the marijuana industry. In her view, cannabis companies will ultimately become more interested in the protection of data through a consumer movement rather than via any potential breaches.
Throughout the latest Lift Expo, experts in the marijuana space echoed the sentiment that data is becoming a cornerstone item for all cannabis operations, and stressed the need for corporations to collect information as part of every interaction with users and consumers.
According to Shanes, all cannabis companies should employ a data security officer, which is a role she described as not exclusively designed for an executive. This person would oversee policies and procedures or data protection.
During the panel, Shanes explained that the person in this role should be able to answer queries from consumers and other interested parties at any given time. In the event of an actual attack, they would lead the charge in the response.
When it comes to how investors can evaluate the measures a cannabis company uses to guarantee its privacy against potential threats, Shanes told INN to look out for firms taking ownership of this responsibility, rather than passing the duty to someone else.
“Everybody’s looking for the easy button,” said Shanes. “So they just want to outsource responsibility to someone else.”
As part of her panel, Shanes explained the various ways consumers and their information are supposed to be protected. The expert broke down how different policies, such as Canada’s Privacy Act and the Personal Information Protection and Electronic Documents Act, offer protections to the data collected by private corporations.
In Canada, all the licensed producers must issue a monthly report to Health Canada with information from their customers and patients. However, Shanes confirmed this information is usually aggregated so there is little to no worry of potential breaches exposing consumers’ personal details.
Don’t forget to follow us @INN_Cannabis for real-time news updates!
Securities Disclosure: I, Bryan Mc Govern, hold no direct investment interest in any company mentioned in this article.
Editorial Disclosure: The Investing News Network does not guarantee the accuracy or thoroughness of the information reported in the interviews it conducts. The opinions expressed in these interviews do not reflect the opinions of the Investing News Network and do not constitute investment advice. All readers are encouraged to perform their own due diligence.