What is an Auntie Annes franchisee required to do if they suspect a security breach?
Auntie_Annes Franchise · 2024 FDDAnswer from 2024 FDD Document
If you suspect or know of a security breach, you must immediately give us notice of such security breach and promptly identify and remediate the source of any compromise or security breach at your expense.
You assume all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the Franchised Business.
- 12.3 Data Breach Notification.
If you learn of an incident that may be a "breach of the security of the system" under Cal. Civ. Code § 1798.82 or any other data breach notification Law, you must immediately notify us of the facts that are known about the incident (a "Data Breach").
Although you are responsible for complying with all data breach notification Laws and standards applicable to your organization, we expect that you will coordinate with us regarding such incidents where notification to individuals is required before individuals are notified so that we can be aware of and be prepared to address issues that may affect the System and be in a position to support you where possible.
In the event of an actual or suspected Data Breach, you grant us and our designees and agents the right, exercisable in our sole and absolute discretion, to conduct an investigation of the incident and to install, run, and maintain any hardware, software, or code on your Computer System or in your computer network necessary or advisable to facilitate the investigation and to contain and remediate the incident, and you agree to cooperate with us and to provide us with any access and information we may reasonably request for those purposes.
Source: Item 22 — CONTRACTS (FDD page 106)
What This Means (2024 FDD)
According to Auntie Annes's 2024 Franchise Disclosure Document, if a franchisee suspects or knows of a security breach, they must immediately notify Auntie Annes. The franchisee is also required to promptly identify and fix the source of the security breach at their own expense.
Furthermore, if the incident qualifies as a "breach of the security of the system" under Cal. Civ. Code § 1798.82 or any other data breach notification Law, the franchisee must immediately inform Auntie Annes of all known facts about the incident, which is termed a "Data Breach".
While the franchisee is responsible for complying with all data breach notification laws and standards, Auntie Annes expects to coordinate with the franchisee, especially when notification to individuals is required. This coordination is intended to keep Auntie Annes informed and prepared to address issues that may affect the entire Auntie Annes system and to support the franchisee where possible. Auntie Annes also has the right to investigate the incident and install any hardware/software on the franchisee's system to remediate the issue, and the franchisee is expected to cooperate in such investigations.