Compliancy

Every business is required to comply with data security regulations.

From customer credit card details to employee home addresses and beyond, you’ll be trusted to safeguard this data, meeting data privacy laws and regulations. 

There are different types of data security compliancy regulations at regional, national and global levels that you must comply with, or your company may face steep fines.

PCI – CREDIT CARD SECURITY REQUIREMENTS

These 12 critical components must be in place to meet PCI DSS requirements for protecting cardholder data.

  1. Install and maintain a commercial grade firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

    CANNABIS COMPLIANCY

    • ID Verification

    Verify that customers are of legal age and that their ID has not expired to ensure all purchases are made legally.

    Further security enhancements include checking the validity of an ID using Mariner’s exclusive software integration to the leading ID reader from Gemalto. Get peace of mind knowing you have put the proper safeguards in place to protect your business.

    • Purchase and Time Limits

    By tracking and enforcing state/province purchase limits, cannabis operators can ensure their budtenders are not breaking any laws, including those against looping.

    With a single database setup, CannaPoint’s software prevents customers from over-purchasing by confining their sales to the state limit, no matter at which of your company’s locations they may have purchased product.

    CannaPoint also automatically converts purchase limits based on flower, concentrates or edibles, letting your employees know exactly what can be sold.

    • State and Province Reporting Integration

    CannaPoint seamlessly connects your data in real time to your state or province’s traceability system. Automating the reporting process means less labor, and less labor means fewer mistakes.

    • Inventory Management

    NCR’s Inventory Engine makes it easy to monitor all products from propagation to manufacturing to processing to retail. A centralized database ensures that inventory counts are accurately maintained whether you are a small mom-and-pop store or a large multi-unit operator.

      PERSONAL DATA PROTECTION COMPLIANCY

      All of Mariner’s POS solutions meet or exceed compliancy requirements related to the following: 

      GDPR

      The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).

      It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary goal is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

      The regulation contains provisions and requirements related to the processing of personal data of individuals who are located in the EEA. It applies to any enterprise that is processing the personal information of individuals inside the EEA, regardless of the enterprise's location and the data subjects’ citizenship or residence.

      HIPAA

      The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

      CCPA 2018

      The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This law secures new privacy rights for California consumers, including:

      Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.

      SOX Compliance (Sarbanes-Oxley Act)

      SOX compliance refers to the annual audit in which a public company is obligated to provide proof of accurate, data-secured financial reporting.

      SOX requires an Internal Control Report that states management is responsible for an adequate internal control structure for their financial records. SOX requires formal data security policies, communication of data security policies, and consistent enforcement of data security policies.