Privacy Policies Drafted for National Retailer

Challenge

One of the nation’s largest cannabis companies needed to accommodate dozens of unique data protection laws. Despite receiving outside counsel guidance, they wanted to better understand individual state regulatory laws and how they intersected with HIPAA (Health Insurance Portability and Accountability Act) to perform a full gap analysis and remediation plan.

Approach

An Axiom privacy maestro with 20+ years of experience analyzed the burgeoning cannabis retail sector to identify how key privacy laws apply to the business. She created a flexible state-by-state remediation plan that incorporated prior outside counsel advice. Uniquely based on the client’s risk profile and priorities, the plan outlined each phase in detail down how many hours each state’s remediation project would take. Subsequently, the Axiom attorney built out full data maps for the organization’s business units and overlayed these maps onto one another for the IT (Information Technology) team. 

Impact 

• Ensured compliance with HIPAA and multiple state specific privacy regulations without drawing away from in-house resources
• Created and mapped a central privacy library to an overarching gap analysis and remediation plan that the legal team could carry out independently
• Reduced spending from equivalent law firm support