Do Dispensaries Share My Information with the Government? - (2023)

The protection of one’s personal information is a touchy subject, especially when it comes to cannabis. Although legal in 35 states, it is still not legal at the federal level, and many employers still drug test for THC. For these reasons, many dispensary customers are concerned about retention and sharing of their personal information.

We frequently see Reddit threads asking for clarification on why dispensaries scan their ID and/or record their personal information:

Dispensary asked for my ID and took my info – should I be worried?

Do dispensaries record your license info?

Visited a dispensary – Is my security clearance screwed?

(Video) What are establishments doing with your information once it's scanned from your ID?

Are IDs being scanned at dispensaries for recreational purchase?

Often, the responses can be a bit alarmist.

Do Dispensaries Share My Information with the Government? - (1)

As experts in dispensary ID scanning, and data retention policies, we want to clear up misconceptions, put consumers’ minds at ease, and share our knowledge about best practices for age verification for dispensaries. So what happens when your ID is scanned while purchasing cannabis or cannabis related products?

First, the answer depends on whether the cannabis you’re purchasing (or dispensary you’re visiting) is recreational use or medical use. Most states have different regulations and governing bodies for medical and recreational marijuana.

Data Privacy for Recreational Marijuana Dispensaries

As for recreational use, things get a bit tricky, and it often varies on a state by state basis with some states banning the sharing of personal information with the government entirely. All states require age verification of consumers before cannabis purchase, and three states (Nevada, Illinois, and New Jersey) require that age verification be performed digitally, using an ID scanner, to better detect fake IDs.

(Video) Cannabis Fake ID Scanner Berkshire Roots - IDentiFake by TokenWorks

Currently, New Jersey is the only state we are aware of that requires that audit logs be shared with the state NJCRC. However, these audit logs contain no PII except for date of birth, so they could not be used to identify a specific customer or purchase at a New Jersey dispensary.

So while all states have very strict track-and-trace rules for chain of custody on the cannabis products that are sold, 0 states actually require any retention of PII on customers that enter the premises.

Do Dispensaries Share My Information with the Government? - (2)

States such as Illinois, Montana, and California all have set limits for retention of PII, from Illinois (where no PII can be retained from an ID scan), to Montana (where data can be retained for up to 180 days). These states are taking active measures to ensure PII is regularly removed from the system, and that privacy of cannabis purchasers is a priority for dispensaries.

The other main reason that dispensaries gather your personal information is to ensure you stay within the legal purchase limits, which vary by state. By scanning your ID and storing your personal information in a general system for a short amount of time, it ensures that both you and the business are protected from exceeding your daily maximum. For dispensaries with multiple locations they will likely share your purchase amount with a centralized database to combat looping.However, this information is stored securely inside the cannabis retailer’s POS or customer tracking system. It is not integrated or uploaded to any government databases.

(Video) Meet the Medwell Health & Wellness Team of Florida! Your Medical Marijuana Specialists

For dispensaries, if they are found to be violating daily maximum laws they can be fined, or even lose their license. So tracking daily maximums for each customer is crucial. Owners of a Colorado dispensary were sentenced to prison in 2019 for looping that allowed more than 2.5 tons of marijuana to hit the black market.

Whether or not the business is digitally scanning, they are likely still entering your information into their CRM or database for the purpose of internal marketing. The dispensary market is highly competitive, and sending marketing emails, SMS messages, or even direct-mail coupons, can help retain customers. By creating a customer profile and tracking your purchase habits, the company has a better chance of selling more to you in the future.

Data Privacy for Medical Marijuana Dispensaries

Data privacy and retention for medical marijuana vary by state.

Most states, such as Florida, have a Medical Marijuana Registry, which is used to issue a Medical Marijuana Card that includes a photo ID that is physically sent as part of the registration process. This card must be shown to gain entry to dispensaries (and in some cases swiped). However, because these HIPAA records are legally required to be kept private, thus protecting personal information related to prescribed cannabis purchase. To get a medical marijuana card, you must receive a recommendation from a certified physician upon diagnosis of a qualifying condition, and then apply with their government entity.

Do Dispensaries Share My Information with the Government? - (3)
(Video) Templeton Cannabis Establishment Community Outreach meeting of June 4, 2019

The following states issue medical marijuana cards and have centralized databases of all eligible patients, and do not offer recreational marijuana (and therefore no ability for legal purchase without sharing PII with the government).

Louisiana is another example of a medical-only state, but one that does not use cards, or have a centralized database of any kind. After assessment by a physician, the recommendation may be made for cannabis to be part of your treatment plan. The doctor will then send the recommendation to a dispensary, thus allowing the patient to purchase medical marijuana – similar to the way a pharmacy works for prescription pills. The only records of the cannabis prescription and purchase are with the prescribing physician and the dispensary.

Because the vast majority of insurance companies do not cover prescribed cannabis, they do not hold any records for the prescription or coverage for the product. So there is less opportunity for a paper trail than other prescriptions where the insurance company will also hold a detailed record.

As many states legalize recreational cannabis, the need for stringent medical marijuana programs lessens, and fewer patients utilize the more stringent model of verification and product purchase. So if staying off of any government lists or databases is important you may want to forego a cannabis prescription and purchase via recreational channels.


The short answer to the question of whether or not recreational dispensaries are sharing your information with the government is: no. Why are we so confident?

(Video) Town Board Meeting - July 13, 2022

  • No state Cannabis Control Board requires that dispensaries share PII on their customers.
  • Many state Cannabis Control Boards specifically require that dispensaries dump PII and/or require reasonable measures to ensure privacy of their customers.
  • There is no federal Cannabis Control organization, and states do not share data between them.
  • There is no mechanism or format for collection of customer information that could be readily exported and shared with any government or private entity.
  • The largest POS systems are configured to save information that is relevant to customer loyalty and marketing.

So don’t worry: your cannabis purchases are not being tracked at either the state or federal level, and even if your favorite dispensary scans your ID, they are simply verifying your age and streamlining the creation of your customer profile. No PII is exported or shared with the government.

Either way, is here to help guide you in the selling process. To learn more about ID scanning in the cannabis industry, download your and be sure to contact one of our industry experts.


1. Weed Vending Machines and the Future of Cannabis
(Cannabis Legalization News)
2. Cannabis Community Meeting | Back Bay | Wednesday, December 14, 2022, 6 p.m.
(Boston City TV)
3. Licensing Commission Meeting - October 21, 2019
(Somerville GovTV)
4. Boston Cannabis Board Transactional Hearing 11-12-2021
(Boston City TV)
5. SNDL - Does Sundial Have A New Problem or is this Under Control?
(Just Randy - Stocks)
6. FY2019 Budget Hearing - Behavioral Health and Intellectual disAbility Services 4-18-2018
(Philadelphia City Council)
Top Articles
Latest Posts
Article information

Author: Mrs. Angelic Larkin

Last Updated: 05/23/2023

Views: 5319

Rating: 4.7 / 5 (47 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Mrs. Angelic Larkin

Birthday: 1992-06-28

Address: Apt. 413 8275 Mueller Overpass, South Magnolia, IA 99527-6023

Phone: +6824704719725

Job: District Real-Estate Facilitator

Hobby: Letterboxing, Vacation, Poi, Homebrewing, Mountain biking, Slacklining, Cabaret

Introduction: My name is Mrs. Angelic Larkin, I am a cute, charming, funny, determined, inexpensive, joyous, cheerful person who loves writing and wants to share my knowledge and understanding with you.