The cyber risks of legalized cannabis

With recreational cannabis set to become legal across Canada in mid-October, some are raising concerns about the protection of consumer privacy.

Beauceron CEO David Shipley and Matt Gurney of Global News 640 discussed the cybersecurity challenges the industry faces and the impact of potential privacy breaches, which could include lifetime bans from entering the United States.

Sensitive Information

A recent report from Deloitte stated that recreational cannabis users don’t want the general public (potentially their family or employers) that they’re purchasing cannabis. The report described it as a make or break issue for cannabis consumers.

Whether it’s in-store visits or ordering online, the protection of their personal information is far more sensitive than my recent purchase of new shoes online.

It presents a whole new set of challenges and costs for organizations that are going to provide cannabis.


Cannabis retailers in Canada will have to track who they’re selling to because it’s a controlled substance. So there’s no avoiding the collection of highly sensitive personal information.

Retailers are caught between requirements to keep this data to comply, and the risk this data holds for their firm and their customers if breached.

Securing this data during online transactions and in in record retention for compliance will not be cheap and could add significant costs to retailer’s operations.

It’s clear the cannabis retail industry will be a prime target for cybercriminals who will seek to steal, sell, or ransom customer data due to its highly sensitive (and valuable nature). Organized crime, which stands to lose billions in revenue from cannabis sales will also be highly motivated to disrupt legal providers.

Reducing risk with a proactive approach

The key for cannabis retailers is to balance their business opportunity with the risks. It will require careful planning of technology infrastructure, data collection, storage and retention processes and policies as well as comprehensive cybersecurity education for employees and managers.

There will be no shortcuts or silver bullets for managing the cyber risk of cannabis retail operations.

Challenges with Cyber Insurance

Some retailers may chose to pursue cyber insurance to transfer some of their risk to another party. While cyber insurance, particularly for activities such as funding breach response teams, are a good idea, they are only part of an effective strategy.

As with all insurance, reading the fine print on policies is critical.

Getting help

Beauceron and its partners have experience helping a variety of sectors, including the retail sector. If your firm is concerned about mitigating your cyber risks, reach out to our team. We can help.