What must a Beggars Pizza franchisee do if the franchisor requests notification to customers after a cyber-event?
Beggars_Pizza Franchise · 2025 FDDAnswer from 2025 FDD Document
- 7.14 Protection of Customer Data.
Franchisee must use its best efforts to protect customers against a cyber-event, identity theft, or theft of personal information.
Franchisee must at all times be in compliance with (a) the Payment Card Industry Data Security Standards ("PCI DSS"), (b) the Fair and Accurate Credit Transactions Act ("FACTA"), (c) applicable regional, national, international, and local laws and regulations relating to data and personal privacy, data security (including, without limitation, the use, storage, transmission, and disposal of data regardless of media type), security breaches, and electronic payments, (d) the operating rules and regulations of all credit card, debit card, and/or ACH processors and networks that are utilized in the System, and (e) Franchisor's security policies and guidelines, all as may be amended from time to time.
Franchisee must notify Franchisor immediately, but no more than three (3) business days, after Franchisee becomes aware of or is notified about, any cyber-event, identity theft, or theft of personal information related to any customer or employee of the Restaurant or that relates to the Restaurant, and agrees, upon Franchisor's request, to immediately provide notice to all customers, employees, and any other individuals of such event in such form Franchisor may direct.
Source: Item 22 — CONTRACTS (FDD page 39)
What This Means (2025 FDD)
According to Beggars Pizza's 2025 Franchise Disclosure Document, a franchisee must notify the franchisor immediately, but no more than three business days after becoming aware of any cyber-event, identity theft, or theft of personal information related to any customer or employee, or related to the restaurant. Furthermore, upon Beggars Pizza's request, the franchisee must immediately provide notice to all customers, employees, and any other individuals of such event in the form that Beggars Pizza directs.
This requirement ensures that Beggars Pizza can take swift action to mitigate the damage caused by a data breach and maintain customer trust. The franchisee's prompt notification allows Beggars Pizza to coordinate a response, provide guidance, and ensure consistent messaging across the franchise system. The franchisee bears the responsibility of informing affected parties according to the franchisor's instructions, which may involve specific wording, channels, and timing.
This obligation is in addition to the franchisee's general duty to use their best efforts to protect customer data and comply with data security laws and standards. Franchisees must comply with the Payment Card Industry Data Security Standards (PCI DSS), the Fair and Accurate Credit Transactions Act (FACTA), and other applicable laws and regulations. This comprehensive approach to data protection aims to minimize the risk of cyber incidents and protect sensitive information.
For a prospective Beggars Pizza franchisee, this means being prepared to act quickly and decisively in the event of a data breach. It is crucial to have systems in place to detect and respond to cyber incidents, and to maintain open communication with the franchisor. Understanding and adhering to Beggars Pizza's data security policies and procedures is essential for protecting customer data and maintaining the integrity of the Beggars Pizza brand.