It’s high time cannabis agencies get serious about privacy

If you’re a cannabis user, you may want to think twice about ordering products online. 

The Ontario Cannabis Store specifically states that none of the data you enter to purchase your cannabis on their website will be given away, sold, or in any way fall into the hands of a third party. It’s mentioned in their terms and conditions — though that info is buried deep enough for the average shopper to miss.  

Privacy is their promise and the consumer’s expectation.  

Dank news about your data

Last week Global News uncovered the truth that consumers’ postal codes entered online are being sold to third-party companies, for reasons that are unclear.

Cannabis is still a contentious product. Canada is one of only two countries on the planet that allow its sale legally; we’re physically connected to a country where it’s still a federal crime, to the point where travellers have been barred from entering the States based on prior cannabis use.  

It’s easy to see how privacy is paramount in every step of cannabis sales. 

Are we just paranoid?

There’s big risk involved in an online-based model for cannabis transactions. 

If we can’t trust the government — whose agencies are the only legal retailers of recreational cannabis — it stands to reason that consumers will seek greener pastures for the purchase of these products. The anonymity (not to mention the price) of a dealer still holds appeal for Canadians. Beyond this low-level law-breaking, major criminals are incentivized to find ways to embarrass the providers of legal cannabis. 

What better way to do that than by breaching customer privacy?  

If retailers can’t even protect the data they have, how can we trust them to safeguard our private information against malicious attacks? 

420 reasons to demand clearer terms and conditions

The terms of use agreements for most products and services are, as a rule, far too complex. Online cannabis sites offer no exception. These forms need to be simplified so people clearly understand what they mean, and, even more importantly, there need to be real consequences when companies tell people one thing and do the exact opposite.  

These standards for data protection should apply to government agencies as much as the private sector. 

A chronic disregard for privacy

Canada’s privacy laws leave a lot to be desired. The federal privacy commissioner is a bureaucrat who is constrained by the will of parliament, and parliament — at least right now — has no interest in pushing forward with privacy regulations.  

Politicians have explicitly opted themselves out from any accountability for privacy law. They’re loath to bring attention to these issues, because they raise a lot of uncomfortable questions for them, for donors and supporters.  

Be blunt about security

There is a surge in awareness, though, with Canada’s big cities pushing parties for policies on digital privacy

The federal election has a just begun, and now is the time to ask local candidates and MPs where they stand on issues of data security. They want our votes; if we take our privacy seriously, as our representatives they’ll need to take it seriously too.  

To get the right information at the right time, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245.