- What is the purpose of the California Cannabis Authority?
- What is a Join Powers Authority? Why create a JPA?
- Who will govern CCA?
- Who can access the data and how?
- How will financial institutions access data?
- What type of privacy requirements does the CCA follow? Is CCA subject to public records requests?
- What are the requirements of joining CCA?
- How will CCA be funded?
- How will CCA interface with the state's track and trace program? Is this a duplicative system?
- Which counties have joined CCA?
What is the purpose of the California Cannabis Authority?
When voters approved Proposition 64, they did so with the express intention to implement a licensing system; both state and local authorities would have a say in the regulation and taxation of commercial cannabis. Effective and efficient regulation, however, requires access to a robust data set of commercial cannabis transactional information and the expertise to make sense of it. While the State has its track and trace system and Prop. 64 requires access to that data by local governments, the State has yet to provide any meaningful access. Without the ability to view state track and trace data, local governments are unable to effectively or efficiently regulate local commercial cannabis.
This leaves local governments in a bit of a bind: don’t regulate at all (either prohibit commercial cannabis or allow it to operate without supervision and risk unwanted public safety issues), or require burdensome licensee reporting and duplication of the State’s track and trace data.
CCA is a third alternative. CCA provides it members access to track and trace data, as well as other relevant data sources regarding commercial cannabis in their jurisdictions. However, raw data alone is meaningless without context and analysis. That is why CCA’s platform provides sophisticated analytics combining a variety of data sources into a single place and through actionable intelligence and reports allow local governments to efficiently and effectively regulate commercial cannabis in their jurisdictions.
CCA also provides a unique forum for Members and Participants to exchange and collectively develop best practices regarding enforcement, audit, compliance, and reporting procedures as well as a means of sharing relevant commercial cannabis information.
Finally, through the data platform, CCA can assist those financial institutions needing an independent source of licensee track and trace data along with the analytics necessary to comply with ‘know your customer’ rules. Bus. & Prof. Code Sec. 26260 was recently enacted to facilitate financial intuition access to information to facilitate commercial banking.
What is a Joint Powers Authority? Why create a JPA?
Joint Powers Authorities (JPAs) are public entities created pursuant to the Joint Exercise of Powers Act (Gov’t Code Sec. 6500, et. seq.) that allow two or more public agencies to jointly exercise common powers. Forming a JPA provides a creative approach to the delivery of public services, and also permits public agencies with the means to provide services more efficiently and in a cost-effective manner.
The California Cannabis Authority (CCA) is a Joint Powers Authority (JPA) created by contract between counties with cannabis regulatory and taxing authority. You can read the JPA here. California’s medical and adult-use cannabis laws allow local governments to determine how best to regulate cannabis within their jurisdictions. Not all counties will choose to regulate commercial cannabis activity, and some counties may choose to ban this type of activity within their jurisdictions. For counties that are actively regulating and/or taxing commercial cannabis activity, a separate public entity will help efficiently and cost-effectively deliver information services to help fulfill their specific needs.
Who governs CCA?
CCA’s Board of Directors is be made up of one representative from each county that joins the organization. As CCA grows, the day-to-day business of CCA will be directed by an Executive Committee consisting of five members from the Board of Directors. Cities and other public entities are allowed to participate in the JPA and access the data platform but will not be part of the authority’s governance structure. Financial institutions will have access to the data platform by written contract as provided in Bus. & Prov. Code Sec. 26260.
Who can access the data and how?
While counties make up the governing structure of CCA, other public entities including cities and state agencies can participate and access data through separate agreements. The data platform is a cloud-based system. Member counties and participants will be able to access the database on the internet with a secure log-in connection through the CCA website. Access to data in the platform is role-based and data-based ensuring that users have only access to information relevant to their needs and functions. Users are also proscribed from using Platform data for unofficial purposes and only those agency personnel specifically authorized and who agree to keep Platform data strictly confidential are permitted access.
How do financial institutions access data?
Pursuant to the terms of Bus. & Prov. Code Sec. 26260, upon receipt of a written request and waiver by a licensee, CCA may share application, licensee, and other regulatory and financial information with the financial institution designated by a licensee in that request for the purpose of facilitating the provision of financial services for that licensee. CCA will work with interested financial institutions and their licensee clients to provide the information authorized by the B&P Code in a manner that is efficient and effective in support of providing financial services to the commercial cannabis industry.
What type of privacy requirements does the CCA follow? Is CCA subject to public records requests?
Licensee data stored in the CCA platform is not subject to public disclosure under the Public Records Act. (See Gov’t Code Sec. 26067(b)(6).). Any information or records shared with other public agencies will be pursuant to a Memorandum of Understanding (MOU) to ensure that all information that is confidential and not subject to the Public Records Act under Proposition 64 remains so. The data platform also adheres to all federal security standards, including the Federal Risk and Authorization Management Program (FRAMP) process to conduct security assessments, authorizations and continuous monitoring of cloud services.
What are the requirements of joining CCA?
CCA is structured around Members and Participants. Counties are CCA Members and join the Joint Powers Authority (JPA) when their County Board of Supervisors passes a resolution to adopt the JPA Agreement. Participants are cities and other public agencies who wish to participate in the JPA and receive access to the data platform. CCA Participants enter into a Memorandum of Understanding (MOU) with CCA defining the terms and security of access to the data platform.
How is CCA funded?
The fee structure for membership is set by the Board of Directors. The most recent fee structure includes a base membership fee for each county (cities will pay a reduced rate membership fee) as well as additional fees based on their use of the data platform, measured in quarterly sales. This fee structure ensures that every member and participant contribute to the cost of the organization as well as an amount commensurate with their usage of the platform. The usage fee structure is consistent with other Software as Service providers, financial institutions, and revenue structures, as the amount of data tracked and analyzed is tied to the fee paid.
It is the decision of each member county or city participant to determine what source of funds the fee will originate from, whether it be part of tax proceeds, fee revenue, or another source.
How does CCA interface with the state’s track and trace program? Is this a duplicative system?
CCA has made significant changes to the way it acquires Track and Trace (TaT) data. Though the State has yet to provide meaningful direct access to its TaT system for local governments, CCA utilizes a commercial API to acquire much of the data we need to operate the data platform efficiently and effectively for our members. Consequently, CCA's platform does not require a duplication of reporting by licensees. We do, however, need some additional out-bound pricing information that the State's TaT system either doesn't include or doesn't include in its commercial API data set.
CCA’s data platform, however, begins where the State’s TaT system stops. TaT systems are built to compile information, not necessarily analyze it or provide it to regulators in a meaningful context. Moreover, California’s TaT system essentially aggregates data from a single source; licensees.
CCA’s platform is not constrained to a single source of data and not designed to aggregate data per se but to analyze aggregated data, evaluate it in context, and provide users with actionable intelligence on that data. The CCA data platform puts an otherwise unmanageable tidal wave of commercial cannabis transactional data into meaningful, actionable intelligence in support of local licensing, code enforcement, and tax collection.
The platform looks for anomalies with individual data sources and also looks at how those sources interact with one another, giving a more complete picture and a higher degree of confidence that what is being reported and what is occurring are truly one and the same. When they are not the same, the Platform creates an alert. The speed at which the alert is delivered is key for investigation and enforcement actions to correct bad behaviors and catch bad actors quickly and more efficiently.
Which counties have joined CCA?
To date, Monterey, San Luis Obispo, Yolo, Humboldt, Mendocino, Inyo, and Lassen Counties are members of CCA. The President of the organization is Supervisor Estelle Fennell from Humboldt County. The Secretary is Mary Zeeb, Monterey County Treasurer-Tax Collector, and Jim Hamilton, San Luis Obispo Treasurer-Tax Collector/Auditor-Controller is the Treasurer.