The Arizona Revised Statutes have been updated to include the revised sections from the 56th Legislature, 1st Regular Session. Please note that the next update of this compilation will not take place until after the conclusion of the 56th Legislature, 2nd Regular Session, which convenes in January 2024.
DISCLAIMER
This online version of the Arizona Revised Statutes is primarily maintained for legislative drafting purposes and reflects the version of law that is effective on January 1st of the year following the most recent legislative session. The official version of the Arizona Revised Statutes is published by Thomson Reuters.
A. Within one hundred twenty days of the effective date of this chapter, the department shall establish a secure, password-protected, web-based verification system for use on a twenty-four hour basis by law enforcement personnel, nonprofit medical marijuana dispensary agents and employers to verify registry identification cards. An employer may use the verification system only to verify a registry identification card that is provided to the employer by a current employee or by an applicant who has received a conditional offer of employment.
B. The verification system must allow law enforcement personnel and nonprofit medical marijuana dispensary agents to enter a registry identification number and verify whether the number corresponds with a current, valid identification card.
C. The system shall disclose:
1. The name of the cardholder, but must not disclose the cardholder's address.
2. The amount of marijuana that each registered qualifying patient received from nonprofit medical marijuana dispensaries during the past sixty days.
D. The verification system must include the following data security features:
1. Any time an authorized user enters five invalid registry identification numbers within five minutes, that user cannot log in to the system again for ten minutes.
2. A users log-in information shall be deactivated after five incorrect login attempts until the authorized user contacts the department and verifies the user's identity.
3. The server must reject any log-in request that is not over an encrypted connection.