One of the nation’s largest cannabis companies needed to accommodate dozens of unique data protection laws. Despite receiving outside counsel guidance, they wanted to better understand individual state regulatory laws and how they intersected with HIPAA (Health Insurance Portability and Accountability Act) to perform a full gap analysis and remediation plan.
An Axiom privacy maestro with 20+ years of experience analyzed the burgeoning cannabis retail sector to identify how key privacy laws apply to the business. She created a flexible state-by-state remediation plan that incorporated prior outside counsel advice. Uniquely based on the client’s risk profile and priorities, the plan outlined each phase in detail down how many hours each state’s remediation project would take. Subsequently, the Axiom attorney built out full data maps for the organization’s business units and overlayed these maps onto one another for the IT (Information Technology) team.