Is the Subfranchisor responsible for the security of collected data from outside intrusion through any workstations, computers, or mobile devices in the Anago agreement?

According to Anago's 2025 Franchise Disclosure Document, the franchisor is not responsible for security breaches through the subfranchisor's devices. The FDD states that Anago will maintain security measures to protect information collected from the subfranchisor that is stored on Anago's designated servers. However, Anago explicitly states that it "is not responsible for any loss or damages caused by a breach of security through the Subfranchisor's computers, servers, or mobile devices." This places the onus on the subfranchisor to secure their own systems and devices against unauthorized access and potential data breaches.

In addition to the franchisor not being responsible for security breaches through the subfranchisor's devices, the subfranchisor must implement all necessary safeguards to protect personal information. The subfranchisor is responsible for confirming that the safeguards used to protect personal information comply with all applicable laws and industry best practices related to the collection, access, use, storage, disposal, and disclosure of Personal Information. If a breach occurs, the subfranchisor is obligated to immediately notify Anago and specify the extent to which personal information was compromised or disclosed.

This division of responsibility is fairly common in franchising, where franchisees or subfranchisors are typically responsible for managing and securing their own IT infrastructure. Prospective Anago subfranchisors should carefully evaluate the costs associated with implementing robust security measures to protect their systems and sensitive data, as these costs are their sole responsibility. They should also understand their obligations to comply with data protection laws and industry best practices.