Is a 7 Brew franchisee responsible for the consequences if the Computer System is not properly maintained?
7_Brew Franchise · 2025 FDDAnswer from 2025 FDD Document
You must comply with our reasonable instructions regarding the organizational, physical, administrative, and technical measures and security procedures to safeguard the confidentiality and security of the names, addresses, telephone numbers, e-mail addresses, dates of birth, demographic or related information, buying habits, preferences, credit-card information, and other personally-identifiable information of customers ("Consumer Data") and, in any event, employ reasonable means to safeguard the confidentiality and security of Consumer Data. You must comply with all Laws governing the use, protection, and disclosure of Consumer Data.
If there is a Data Security Incident at the Store, you must notify us immediately after becoming aware of the actual or suspected occurrence, specify the extent to which Consumer Data was compromised or disclosed, and comply and cooperate with our instructions for addressing the Data Security Incident in order to protect Consumer Data and the 7 BREW Store brand (including giving us or our designee access to your Computer System, whether remotely or at the Store). We (and our designated affiliates) have the right, but no obligation, to take any action or pursue any proceeding or litigation with respect to the Data Security Incident, control the direction and handling of such action, proceeding, or litigation, and control any remediation efforts.
"Data Security Incident" means any act that initiates either internally or from outside the Store's computers, point-of-sale terminals, and other technology or networked environment and violates the Law or explicit or implied security policies, including attempts (either failed or successful) to gain unauthorized access (or to exceed authorized access) to the Franchise System, 7 BREW Stores, or their Data or to view, copy, or use Consumer Data or Confidential Information without authorization or in excess of authorization; unwanted disruption or denial or service; unauthorized use of a system for processing or storage of Data; and changes to system hardware, firmware, or software characteristics without our knowledge, instruction, or consent.
Source: Item 22 — CONTRACTS (FDD pages 82–83)
What This Means (2025 FDD)
According to 7 Brew's 2025 Franchise Disclosure Document, franchisees are responsible for maintaining the security of customer data and for any data security incidents that occur at their store. The franchisee must comply with all laws governing the use, protection, and disclosure of consumer data. This includes implementing reasonable organizational, physical, administrative, and technical measures and security procedures to safeguard the confidentiality and security of customer data.
A "Data Security Incident" is defined as any act that attempts to gain unauthorized access to the Franchise System, 7 Brew Stores, or their data, or to view, copy, or use Consumer Data or Confidential Information without authorization. It also includes unwanted disruption or denial of service, unauthorized use of a system for processing or storage of Data, and changes to system hardware, firmware, or software characteristics without 7 Brew's knowledge, instruction, or consent.
If a Data Security Incident occurs at the store, the franchisee must notify 7 Brew immediately and specify the extent to which Consumer Data was compromised or disclosed. The franchisee must also comply and cooperate with 7 Brew's instructions for addressing the Data Security Incident in order to protect Consumer Data and the 7 Brew Store brand. 7 Brew has the right, but not the obligation, to take any action or pursue any proceeding or litigation with respect to the Data Security Incident, control the direction and handling of such action, proceeding, or litigation, and control any remediation efforts. This indicates that the franchisee bears the initial responsibility for maintaining the computer system and data security, but 7 Brew may step in to take control of the situation in the event of a data security incident.