It was not so long ago that cannabis was a taboo topic, a counterculture activity that was frowned on by the mainstream masses. Although this is changing over time, people are still sensitive about retaining their privacy, and even more so in the face of rising cyber crime. Criminals are resourceful and are always inventing new ways in which to steal personal information.
As a licensed retailer, you should be aware of how to protect your data, and therefore your customers’. Being aware of your responsibilities, as well as the ways in which your data may be stolen, is the key to ensuring your customers’ privacy.
The industry already has intensive physical security standards. Retailers must have cameras that not only operate around the clock, but also store their data for a significant amount of time. This can be as long as 60 days in Alberta. Only authorized users are allowed to view the camera feed, and they must do so in a secure location while following strict operating instructions as per the AGLC retail license guide. Consumers can rest easy in this regard, since unless the government demands the information, their identities will not be revealed to anyone in the company who is not authorized to view it.
The best way to ensure confidentiality is to have a robust in-house policy.
While there are privacy protection measures such as the Personal Information Protection and Electronic Documents Act (PIPEDA), it is still difficult to ensure that all employees adhere to the industry regulations and standards. PIPEDA only applies to the collection, use and disclosure of personal information in the course of commercial activity. It will not prevent employees from casually talking about customers. The best way to ensure confidentiality is to have a robust in-house policy that covers all of the etiquette of cannabis sales. By educating your employees and paying close attention to your POS system, computer-network, credit card storage and transmission as well as online payment apps, you can minimize the chance of any data breach.
Beware of Scammers
Online fraud now poses a huge threat, and understanding the different ways in which data can be stolen is the first step towards keeping it safe. A popular method that a surprising number of people fall for is the tech support scam. Criminals send an email that if opened can install malicious software that generates some alarming messages on your computer system asking you to contact them. Installing more software to fix the “problem”, or granting them remote access to your system is a surefire way of losing data to them. There are variations on this theme, including cold calls from imposters claiming to be from tech companies like Apple or Microsoft.
Credit card skimmers also pose a problem. They’re small electronic devices fitted to credit card machines that steal information from cards during an otherwise legitimate transaction. A thief needs a few undisturbed moments to install a skimmer, which is why they’re often placed on ATMs and at gas stations. Be sure that your payment machine is not easily accessible to customers if an employee isn’t at the counter.
Keep Data Safe
While confidentiality will mainly be handled within a store’s code of conduct and training, cybersecurity measures are an entirely different story altogether. The good news for most store owners is that cyber attacks tend to target larger businesses. Still, they are a significant business risk for any organization that collects consumer data, and the more data it collects, the greater the chance of being targeted. How can retailers ensure that they are doing their best to protect their data? The answer may lie in third-party companies specializing in data security. An outside professional makes sure that they are aware of the latest issues and dangers present. In the event that a cyberattack is launched, they can be relied upon to control the data breach, contact regulatory bodies, and advise on changes needed to improve security.
The best way to approach cybersecurity is from the top down. Everyone in the organization must be trained in what hazards are present, and be actively engaged in spotting them. Attend meetings and seminars, develop internal policies on risk management, and ensure that sufficient safeguards are in place to prevent cyber attacks.
Locking Down Your Customer’s Data
Your business depends on the trust you build with customers, and violating that trust can have a disastrous effect. You could lose the confidence of your clients and thereby lose sales, suffer fraud losses, lose your ability to accept payment cards, or even find yourself being hit with a fine or other legal costs.
Make sure that your operating systems are constantly updated, delete any software that is not necessary to run your business, and install protection. You owe it to your customers, your employees, and to your business.
Eric has been heavily involved in the cannabis world for the last 18 months. He is the Executive Director of Leaf Forward Calgary, a business accelerator and incubator program for cannabis startups. He is the VP of Operations for Cultivated Solutions, a cannabis training and consulting company, and he sits on the board of the Alberta Cannabis Collective, an industry organization dedicated to creating a high operational standard for cannabis retail organizations.