What is the deadline for a Best Western member to notify Best Western if their data security systems are compromised?
Best_Western Franchise · 2025 FDDAnswer from 2025 FDD Document
-
- Member shall be responsible for complying with Payment Card Industry Data Security Standards ("PCI-DSS") and all applicable data privacy/security laws. Member shall adopt adequate measures to ensure the safety and security of customer information, including but not limited to Personally Identifiable Information ("PII") and credit card data. In no event shall Member exercise less than reasonable care in securing such information. If Member's data security systems are compromised, Member shall notify Best Western within twenty-four (24) hours of becoming aware of any such incident. Member further agrees and understands that Best Western shall be permitted to take, at Member's cost, any reasonable actions to protect itself from a data security compromise event at Member's Property, including but not limited to disconnecting the Member from Best Western's reservations systems until the incident is resolved and requiring that the Member provide appropriate documentation and certification that the incident has been resolved (e.g., if applicable, certification from a Payment Card Industry Qualified Security Assessor). Best Western acknowledges it is responsible for the security of cardholder data that it possesses or
Source: Item 23 — Receipts (FDD pages 108–413)
What This Means (2025 FDD)
According to Best Western's 2025 Franchise Disclosure Document, if a Best Western member's data security systems are compromised, the member must notify Best Western within twenty-four (24) hours of becoming aware of the incident. This requirement ensures that Best Western can take swift action to protect its systems and other members from potential harm resulting from the data breach.
Best Western is permitted to take reasonable actions at the member's cost to protect itself from a data security compromise. These actions include disconnecting the member from Best Western's reservation systems until the incident is resolved. Best Western may also require the member to provide documentation and certification from a Payment Card Industry Qualified Security Assessor, if applicable, to prove that the issue has been resolved.
Best Western acknowledges its responsibility for the security of cardholder data that it possesses, stores, processes, or transmits on behalf of the member. They also state that they will not adversely affect the security of the cardholder data environment of the member. This indicates a shared responsibility between Best Western and its members in maintaining data security and protecting customer information.