Security is a primary concern for any business — and cannabis retail is no different. Of course, the physical security of your dispensary is one aspect of this, and in the past we’ve discussed ways to prevent internal theft and fraud at your retail cannabis operation.Today, though, we’re going to be looking at another aspect of security that’s just as important as protecting your physical assets: the securing of your business and customer data.
Canada’s Privacy Laws
Generally speaking, Canada has much stricter privacy laws than the U.S.
In Canada, there are two main federal privacy laws, both of which are enforced by the Office of the Privacy Commissioner of Canada. The first one, called simply The Privacy Act, deals with the federal government’s handling of personal information; the second, called The Personal Information Protection and Electronic Documents Act, governs how businesses and other organizations must handle personal information.
The second act, referred to as PIPEDA for short, requires that organizations obtain consent before collecting and using any personally identifiable information, or PII. Under PIPEDA, PII includes any information that can be traced back to a specific person, like names, ages, and ID numbers — in other words, the type of information retailers would typically store for the purposes of loyalty rewards and other customer benefits.
Retailers need to know that the data they’re entrusting to their integrated point of sale system is being secured safely and to the letter that the law requires, so that they, in turn, can assure customers that their information will remain private.
The idea behind data sovereignty is that digital data is under the jurisdiction of the country in which it is collected. That means that all Canadian consumer and business data is subject to Canada’s PIPEDA.
The problem is that a lot of cloud services and other major data servers are hosted in the United States. Much of this is due to the fact that so much internet infrastructure runs through the U.S.; however, more solutions are becoming available in Canada.
How Cova Is Protecting Canadian Cannabis Retail Data
Business and consumer data collected in Canada is protected by PIPEDA even if it’s stored outside the country’s physical borders. However, here at Cova, we understand how important data privacy and cannabis retail data protection is to our clients and their customers. And as a Canadian company, we know that our clients feel more secure knowing their valuable data is being hosted right here in Canada.
Because Cova is a subsidiary of iQmetrix — a leading provider of retail management in the cellular industry — we have the most robust data protection solution in the cannabis market. The infrastructure and software that powers Cova is extremely sophisticated, securely handling more than $16 billion across 200 million transactions every year from Canadian and American companies.
By sharing its infrastructure with iQmetrix, Cova leverages this sophisticated system at a much lower cost, truly taking advantage of the economies of scale that iQmetrix brings. Currently, iQmetrix hosts its data in Azure US-West.
However, ahead of legalization on October 17, Cova is creating a footprint in Azure Canada-Central to host all Canadian customer PII. Although we’ll continue to use the iQmetrix platform to power our core application, all Canadian customer data will remain in Canada, and protected by PIPEDA.
Learn More About Canadian Cannabis Retail
If you’re looking to get into Canada’s retail cannabis market and want to learn more about how Cova can help you safeguard cannabis retail data while streamlining other aspects of your operation, contact us today. You can schedule a free demo to see exactly how we can help you make the most of your Canadian cannabis retail business.