Who is responsible for the cost of identifying and remediating a security breach in an Aplus store?
Aplus Franchise · 2024 FDDAnswer from 2024 FDD Document
We may designate the information system used in your APLUS Store, including the computer hardware, software other equipment and enhancements (the "Information System"). If you suspect or know of a security breach, you must immediately give notice of such security breach and promptly identify and remediate the source of any compromise of security breach at your expense. You assume all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the franchised business unless otherwise directed by us.
You are solely responsible for protecting yourself from disruptions, internet access failures, Internet content failures, and attacks by hackers and other unauthorized intruders and you waive any and all claims you may have against us or our affiliates as the direct or indirect result of such disruptions, security breach and promptly identify and remediate the source of any compromise of security breach at your expense. You assume all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the franchised business, unless otherwise directed by us.
Source: Item 11 — FRANCHISOR'S ASSISTANCE, ADVERTISING, AND TRAINING (FDD pages 40–47)
What This Means (2024 FDD)
According to Aplus's 2024 Franchise Disclosure Document, the franchisee is responsible for the costs associated with identifying and remediating security breaches at their Aplus store. Specifically, if a security breach is suspected or known, the franchisee must immediately report it and promptly identify and fix the source of the breach at their own expense.
This means that Aplus franchisees bear the financial burden of addressing any security vulnerabilities or incidents that occur within their business. This responsibility extends to providing all necessary notifications of the breach or compromise and monitoring credit histories and transactions of customers, unless Aplus directs otherwise.
Furthermore, the franchisee is solely responsible for protecting their business from disruptions, internet access failures, content failures, and attacks from hackers or unauthorized intruders. The franchisee also waives any claims against Aplus or its affiliates resulting from such disruptions or security breaches. This allocation of responsibility highlights the importance of franchisees investing in robust security measures and protocols to safeguard their systems and customer data, as they will be directly liable for any costs incurred in the event of a breach.