The Potential for Cannabis Trademarks in Canada is Huge

News broke recently that Tweed, Inc., a subsidiary of Canadian cannabis company Canopy Growth Corp., filed a Canadian trademark application on August 31, 2018 for CHRONIC BY DRE, which they subsequently withdrew, apologizing and calling it a mistake. As we’ve written before, the number of trademark filings covering cannabis and cannabis-related goods and services in Canada has increased dramatically since the cannabis legalization process began. This rush to file cannabis trademarks in Canada could have been what spurred Tweed’s employee to rashly file the CHRONIC BY DRE mark without obtaining the artist’s consent and without having any sort of licensing deal in the works. (No matter what jurisdiction you’re in, don’t ever file for trademark protection for a mark that is already affiliated with a celebrity, hoping to beat them to the punch.)

The application filed for CHRONIC BY DRE covered a wide range of goods including body lotion and body creams, essential oils, personal preparations containing cannabis or cannabis derivatives, sunglasses, housewares, jewelry, stationery, pet accessories, clothing, dog and cat toys, beverage products, smoking products and accessories, and “cannabis and marijuana and derivatives thereof, namely live plants, seeds, dried flowers, liquids, oils, oral sprays, capsules, tablets, and transdermal patches.” That’s pretty broad.

For anyone familiar with the trademark application process in the United States, this specification makes Tweed’s registration of the CHRONIC BY DRE mark seem unattainable, but in Canada, it is not (setting aside the fact that Tweed does not have any deal in place with Dr. Dre himself). In the U.S., as we’ve covered extensively, in order to obtain federal trademark protection, your mark must be in lawful use in commerce (or, if you’re filing an intent-to-use application, you must have a bona fide intent to use the mark lawfully in commerce at the time of filing). This precludes the federal registration of any mark for use on goods or services that violate the federal Controlled Substances Act.

And in fact, Andre Young AKA Dr. Dre filed a U.S. federal trademark application for CHRONIC BY DR. DRE way back in 2013, and it was ultimately abandoned. The examining attorney at the time inquired into whether the goods contained marijuana because if they did, the mark would not be eligible for registration.

But back to Canada, where it is possible to obtain a trademark registration for cannabis, and where Dr. Dre would likely be successful (barring other legal obstacles) in obtaining such a registration for CHRONIC BY DRE. Even though it is relatively straightforward to obtain a trademark for cannabis goods or services in Canada, there are many restrictions placed on how those cannabis trademarks can be used via the proposed cannabis regulatory framework. For example, cannabis trademarks may not be used to promote cannabis goods:

• In a manner that appeals to children;
• By means of a testimonial or endorsement;
• By depicting a person, character or animal, whether real or fictional;
• By presenting the product or brand elements in a manner that evokes a positive or negative emotion about or image of, a way of life such as one that includes glamour, recreation, excitement, vitality, risk, or daring;
• By using information that is false, misleading or deceptive, or that is likely to create an erroneous impression about the product’s characteristics, value, quantity, composition, strength, concentration, potency, purity, quality, merit, safety, health effects or health risks;
• By using or displaying a brand element or names of persons authorized to produce, sell or distribute cannabis in connection with the sponsorship of a person, entity, event, activity or facility, or on a facility used for sports, or a cultural event or activity; and
• By communicating information about price and distribution (except at point of sale).

For cannabis business owners in the U.S., it may make strategic sense to consult with a trademark attorney with experience filing cannabis-related applications to consider whether Canadian trademarks make sense. Because successful brands will be those that think globally, not nationally.

For more on Canadian branding (and marketing) regulations, check out my recent post here.

source https://www.cannalawblog.com/the-potential-for-cannabis-trademarks-in-canada-is-big/

The 2014 Farm Bill Expired: What Now for Industrial Hemp?

Breaking News: California Passes First Internet of Things (“IoT”) Law

Cannabis Litigation 101: Trade Secrets

DEA Reschedules FDA-Approved CBD

The “Tiger Hemp Beer” Case: Clear Your Cannabis Trademarks Before Filing

Cannabis Cybersecurity: Information Security Standards in Oregon

Last week we discussed the data breach notification laws with which cannabis companies doing business in Oregon must comply following a cyber intrusion. Today, we discuss the safeguards these companies must adopt to protect the security, confidentiality and integrity of customers and employee (collectively, “Consumer”)’s personal information, who reside in Oregon.

Pursuant to Oregon Revised Statutes (“ORS”) § 646A.622 any business that “owns, maintains or otherwise possesses, and has control over or access to,” written and electronic data that includes personal information used for business purposes, must develop, implement, and maintain reasonable safeguards to protect the personal information.

Generally, “personal information” means a Consumer’s first name or first initial and last name in combination with, for example, a Consumer’s social security number, driver license number or financial account information, if (1) encryption, redaction or other methods have not rendered the data element or combination of data elements unusable; and (2) the data element or combination of data elements would enable a person to commit identity theft against a consumer.

The company must act in accordance with this law by:

(1) Complying with:

• State or federal laws with greater protections for personal information than ORS § 646A.622;
• Gramm-Leach-Billey Act as of January 1, 2016 as of June 2018, if the company is subject to this act; or
• Requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as of June 2018, if HIPAA applies to the company;

and

(2) Implementing a security program that includes:

Administrative Safeguards, such as:

• Frequently identifying reasonably foreseeable internal and external risks;
• Frequently training and managing employees in security program practices and procedures; and
• Selecting service providers that are capable of maintaining appropriate safeguards and adhering to procedures and protocols to which you and the service provider agree, but also requiring the service providers by contract to maintain the safeguards, procedures and protocols.

 Technical Safeguards, like:

• Assessing risks and vulnerabilities in network and software design;
• Taking reasonably timely action to address the risks and vulnerabilities; and
• Applying security updates and a reasonable security patch management program to software that might reasonably be at risk of or vulnerable to a breach of security;

and

 Physical Safeguards, including but not limited to:

• Monitoring, detecting, preventing, isolation and responding to intrusions timely and frequently; and
• Disposing of personal information after you no longer use it for business purposes, pursuant to local, state and federal law.

So what does all of this mean? Simply put, business owners with 100 or fewer employees (which includes almost all Oregon cannabis businesses), will comply with these statutory requirements if their information security and disposal program contains administrative, technical and physical safeguards and disposal measures that are appropriate to: (1) the size and complexity of their business; (2) the nature and scope of their activities; and (3) the sensitivity of the personal information collected from or about a Consumer.

Cannabis business should take these safeguard standards seriously. Each violation if subject to a penalty of up to $1,000. Note that each day of a continuing violation is a separate violation, but the maximum penalty for any occurrence is $500,000. Civil penalties under ORS § 183.745 may also apply.

Complying with ORS § 646A.222 is not only required by law, it is also a very good idea for all cannabis business. Indeed, developing a vetted, comprehensive plan of action is the best way to effectively respond to an attack and to reduce the amount of damage to your company. Be safe out there!

source https://www.cannalawblog.com/cannabis-cybersecurity-information-security-standards-in-oregon/