ID Scanners in the Dispensary: How to Handle Customer Data Privacy Concerns

by Mary Briggs,

Answer some of your customers’ most pertinent data privacy questions before they ask.

Enterprise data breaches frequently make headlines all around the world. People are becoming increasingly wary about who they share personally identifiable information with.

This society-wide focus on data security expresses itself in the cannabis industry as well. Several high-profile cannabis businesses have already suffered through data breaches that exposed patient and customer information.

Compliance-oriented point-of-sale software is a powerful tool for data protection in the modern dispensary, but customers are not typically aware of how data privacy works, or whether they are protected.

Unsurprisingly, cannabis users are taking greater care of their personal data than ever before. Cannabis dispensary owners will often see this newfound skepticism right at their front doors – when customers ask why they need to scan their IDs to enter the store.

Dispensary Owners Need to Reassure Their Customers

The last thing a dispensary owner wants to do is make their customers suspicious. Cannabis is still a touchy subject in many communities, and many customers prize discretion above all else when considering their purchase choices.

The important thing to remember is that customers’ data privacy concerns are valid. Anyone who hands over personally identifiable information to an organization has the right to know how that organization plans on using – and protecting – their data.

As is often the case, clear and consistent communication will help dispel the myths that people often indulge when it comes to dispensary ID scanning. Helping your customers understand the problems that scanning technology solves will help normalize the activity and prevent conspiracy theories from taking hold.

Opening up an authentic discussion on the practical benefits ID scanning technology offers will help instill trust both in the process and in the cannabis industry as a whole. These kinds of trust-building exercises are crucial to the normalization of cannabis consumption and to the health of the cannabis community at large.

How to Talk to Customers About Dispensary ID Scanning

1. Scanning Means Less Time Waiting in Line

Without automated scanning in place, customers will have to wait while employees conduct age verification checks on each and every customer in the store. Telling customers that ID scanning means spending less time waiting in line is usually enough to show them that the process helps them as much as it helps the dispensary.

This is especially true in large dispensaries located in high-traffic areas. Customers are largely unaware of the specifics of cannabis regulation. Helping them understand these responsibilities can play an important role in keeping them on your side.

2. ID Scans Prevent Human Error

If a dispensary fails to accurately verify a customer’s age due to human error, it will attract regulators’ attention. Authorities take these kinds of discrepancies seriously and can force dispensaries to undergo expensive audits if they suspect that something is amiss.

Unfortunately, human employees are prone to error. While a dispensary employee may correctly process hundreds of IDs per day, it only takes one mistake to cause serious trouble for the entire dispensary.

Automation helps ensure stable, consistent compliance results, especially when dealing with repetitive tasks like verifying IDs. The ability to automatically verify each customer’s age as they enter the store in an accurate, error-proof way is key to enabling long-term regulatory compliance. Otherwise, mistakes will eventually occur.

3. Scanning Prevents Minors From Using Fake IDs

It is not hard for minors to create fake IDs. However, the vast majority of fake IDs are just convincing lookalikes made out of regular plastic. These documents do not feature a scanning strip that contains accurate data about the ID holder.

This is why simply looking at an ID and asking the ID holder to state their birthday is not enough for the cannabis industry. If minors are able to gain access to cannabis products, state regulators will step in and find ways to make the process more secure, even if they end up hobbling an already tightly regulated industry. Nobody wants this to happen.

Responsible cannabis vendors dedicate significant time and energy to preventing minors from using fake IDs to get into cannabis stores. While it is true that minors can simply purchase fake IDs that scan properly, they are significantly more expensive and harder to obtain. ID scanning remains an effective deterrent for the vast majority of minors with fake IDs.

4. There Is No Federal Database for Cannabis Scanning Data 

Somewhere along the conspiracy theory train of thought, there is a growing fear that cannabis dispensaries are somehow aiding the Federal government in a supposed future crackdown on cannabis users. The idea is often based on the assumption that cannabis dispensaries are only allowed to function because they furnish the Federal government with data on cannabis users.

While this would make a great premise for a sci-fi thriller novel, the reality of today’s cannabis industry is not nearly as exciting. The fact that cannabis is illegal at the Federal level prohibits government agencies from actively participating in the state cannabis industry at all. Any “deal” the federal government makes with the cannabis industry would make it an accessory to a criminal act – a position that would force the government into an incredibly awkward position.

Following federal legalization, there would be nothing preventing the government from creating a database of cannabis users, but it’s hard to see an incentive for it to do so. Helping customers understand the government’s position on cannabis will help alleviate these kinds of fears.

How to Handle Data Privacy Concerns

Data privacy includes a separate, but related, set of concerns that customers may bring up with dispensary employees. Customers who are wary about identity theft will want to know how their dispensary systems handle their transaction records, credit card information, and other personally identifiable data.

As usual, most customers will not have a complete understanding of the kinds of regulatory concerns dispensaries have to respond to. Educating them on how the dispensary handles private data and what kinds of data it reports to state authorities can help establish and maintain trust.

1. Customers Must Opt-In to Create Customer Profiles

A dispensary that wants to incorporate a loyalty program like springbig cannot simply enroll its customers en masse. As with all loyalty programs, customers will have to opt-in and offer their personally identifiable information to the dispensary in exchange for discounts and special offers. This enables direct marketing opportunities that help the customer.

Dispensaries that reinforce the importance of data privacy consent are going to see far better results from their loyalty programs and marketing efforts. If customers are not informed about how their data will be used, or whether it is protected, they are more likely to simply pass on the opportunities that customer retention programs offer.

2. State Regulators Don’t Want Customer Phone Numbers, Email Addresses

It can be helpful for dispensaries to clearly state what kind of data state regulators actually expect them to provide. Cannabis customers do not use Metrc, and may not know what kind of data it collects when processing their transactions.

If your dispensary is collecting customer phone numbers for an SMS marketing campaign, you should emphasize that cannabis transaction reports do not include customer phone numbers. Customers may assume that the transaction data dispensaries send to regulators includes their names, phone numbers, and email addresses if nobody tells them specifically that this is not the case.

Dispensaries can even take their approach one step further and tell customers exactly what kind of data is included in their transaction reports. Educating customers on the requirements of cannabis compliance helps to build a more conscious, compliance-friendly community for everybody.

3. Secure Dispensary Data and Reassure Customers

Cybercrime is a constant threat, and even if dispensaries do not send personally identifiable data to regulators, they can still accidentally expose that data to cybercriminals. Dispensaries that deploy solutions with state-of-the-art cybersecurity features are more resistant and trustworthy than those that do not.

Because most cannabis customers do not have specialist cybersecurity knowledge or expertise, brand reputation is extremely important when choosing software vendors in the cannabis industry. Greenbits is hosted on Amazon Web Services, which is one of the most secure and reputable infrastructure platforms in the world. Letting people know who safeguards their data will help quell their concerns about data privacy.

Create a Data Privacy Policy for Your Dispensary

The best way to address your customers’ data privacy concerns is through the implementation of a comprehensive data privacy policy. This policy can address cybersecurity, video camera footage retention, and compliance reporting in a single document, giving your employees a single point of reference for data-related customer concerns.

Implementing the right tools will help enable you to create a policy that protects customer data and ensures best-in-class compliance moving forward. As data privacy and cybersecurity laws change, dispensary owners will need to accommodate new threats with speed and consistency.