If a Bft franchisee becomes aware of a suspected data breach involving personal information, what is the franchisee obligated to do?
Bft Franchise · 2025 FDDAnswer from 2025 FDD Document
If Franchisee becomes aware of a suspected or actual breach of security or unauthorized access involving Personal Information, Franchisee will notify Franchisor immediately and specify the extent to which Personal Information was compromised or disclosed. Franchisee also agrees to fully cooperate, at its own expense, with any investigation Franchisor, or its designees, conducts related to the suspected or actual breach. Franchisee also agrees to follow Franchisor's instructions regarding curative actions and public statements relating to the breach. Franchisee also agrees to comply with applicable law regarding notice of the breach (either to the affected individuals and/or applicable governmental officials). To the extent permitted under Applicable Law, Franchisee will provide Franchisor with a copy of the form of breach notice as soon as practical in advance of providing such notice to the affected data subjects and/or governmental official. Franchisor reserves the right to conduct a data security and privacy audit of any of the Studio and computer system at any time, from time to time, to ensure that Franchisee is complying with Franchisor's requirements. Franchisee must promptly notify Franchisor if it receives any complaint, notice, or communication, whether from a governmental agency, customer or other person, relating to any Personal Information, or Franchisee's compliance with Franchisee's obligations relating to Personal Information under this Agreement, and/or if Franchisee has any reason to believe that it will not be able to satisfy any of its obligations relating to Personal Information under this Agreement.
Source: Item 23 — RECEIPTS (FDD pages 79–265)
What This Means (2025 FDD)
According to Bft's 2025 Franchise Disclosure Document, if a franchisee becomes aware of a suspected or actual breach of security or unauthorized access involving Personal Information, the franchisee must immediately notify Bft and specify the extent to which Personal Information was compromised or disclosed. The franchisee is obligated to fully cooperate, at its own expense, with any investigation Bft, or its designees, conducts related to the suspected or actual breach.
Furthermore, the Bft franchisee agrees to follow Bft's instructions regarding curative actions and public statements relating to the breach. The franchisee also agrees to comply with applicable law regarding notice of the breach, whether to the affected individuals and/or applicable governmental officials. To the extent permitted under Applicable Law, the franchisee will provide Bft with a copy of the form of breach notice as soon as practical in advance of providing such notice to the affected data subjects and/or governmental official.
Bft reserves the right to conduct a data security and privacy audit of any of the Studio and computer system at any time, from time to time, to ensure that the franchisee is complying with Bft's requirements. The franchisee must promptly notify Bft if it receives any complaint, notice, or communication, whether from a governmental agency, customer or other person, relating to any Personal Information, or the franchisee's compliance with the franchisee's obligations relating to Personal Information under this Agreement, and/or if the franchisee has any reason to believe that it will not be able to satisfy any of its obligations relating to Personal Information under this Agreement.