Who is responsible for financial losses incurred due to a security breach involving customer information at a Body20 franchise?
Body20 Franchise · 2025 FDDAnswer from 2025 FDD Document
(a) Protection of Customer Information. You must comply with our System Standards, other directions from us, and all Applicable Laws regarding the organizational, physical, administrative and technical measures and security procedures to safeguard the confidentiality and security of Customer Information on your Technology System or otherwise in your possession or control and, in any event, employ reasonable means to safeguard the confidentiality and security of Customer Information. "Customer Information" means names,
contact information, financial information and other personal information of or relating to the Studio's customers and prospective customers. If there is a suspected or actual breach of security or unauthorized access involving your Customer Information, you must notify us immediately after becoming aware of such actual or suspected occurrence and specify the extent to which Customer Information was compromised or disclosed. You are responsible for any financial losses you incur or remedial actions that you must take as a result of a breach of security or unauthorized access to Customer Information in your control or possession.
Source: Item 23 — RECEIPT (FDD pages 74–251)
What This Means (2025 FDD)
According to Body20's 2025 Franchise Disclosure Document, the franchisee is responsible for financial losses incurred due to a security breach involving customer information. The franchisee must comply with Body20's System Standards, directions, and all Applicable Laws to safeguard the confidentiality and security of Customer Information on their Technology System or otherwise in their possession or control, and in any event, employ reasonable means to safeguard the confidentiality and security of Customer Information. Customer Information includes names, contact information, financial information, and other personal information of the Studio's customers and prospective customers.
If a suspected or actual breach of security or unauthorized access involving Customer Information occurs, the franchisee must notify Body20 immediately after becoming aware of it and specify the extent to which Customer Information was compromised or disclosed. The franchisee is responsible for any financial losses they incur or remedial actions that they must take as a result of a breach of security or unauthorized access to Customer Information in their control or possession.
This means that if a Body20 franchise experiences a data breach, the franchisee, not Body20, is liable for any resulting financial losses. This could include costs related to notifying affected customers, legal fees, fines, and other expenses associated with resolving the breach. It is important for prospective franchisees to understand this responsibility and to ensure they have adequate security measures in place to protect customer information and appropriate insurance coverage to mitigate potential losses from data breaches.
In the franchise industry, it is common for franchisees to bear the responsibility for data security and related losses, as they are the ones directly handling customer data at their individual locations. However, franchisors often provide guidelines and support to help franchisees implement security measures and comply with relevant laws and regulations. Prospective Body20 franchisees should carefully review the FDD and Franchise Agreement to understand their obligations regarding data security and seek clarification from Body20 on the specific systems, procedures, and training programs they must implement.