What measure of care must a Budget licensee exercise to avoid liability for inadvertent disclosure of confidential information?
Budget Franchise · 2025 FDDAnswer from 2025 FDD Document
ilure happens more than twice within any one-year period, ABCR may also, at its discretion, suspend permanently Licensee's connection to the System via the Internet, and require Licensee to follow dedicated connection procedures at Licensee's expense as provided in the Rental System Agreement.
- (d) Licensee will be responsible for any damage suffered by ABCR and/or the System as a result of unauthorized access, use or code or file transmission from Licensee's Equipment during any period in which the Controls are not in place on Licensee's Equipment.
- (e) Licensee is responsible for the actions of all of its authorized users who have access to Licensee's Equipment at Licensee's locations, regardless of the location of the persons or the means by which such persons access the Equipment. This responsibility exists regardless of the security mechanisms that are in place. This responsibility also extends to actions taken by persons who are not authorized to (i) use Licensee's Equipment but who use Licensee's Equipment while physically located at one of Licensee's locations or (ii) access the System remotely but nevertheless have such access due to Licensee's intentional or negligent act or omission. Licensee is expected to employ the Controls available, and commercially reasonable security mechanisms and procedures including those specified herein.
- (f) Licensee is responsible for making best efforts to enforce a policy under which (i) its authorized users log off Licensee's business systems when not in use or lock their screens when leaving their Equipment unattended and (ii) the business systems cannot be remotely operated or accessed by an unauthorized user. Licensee must automatically log all remote logins through Licensee's Equipment, whether successful or failed, and the logs must be reviewed at least once per week by senior supervisory personnel of Licensee for signs of unauthorized access.
Source: Item 23 — RECEIPTS (FDD pages 80–426)
What This Means (2025 FDD)
According to Budget's 2025 Franchise Disclosure Document, a licensee is expected to employ commercially reasonable security mechanisms and procedures to avoid liability for inadvertent disclosure of confidential information. This includes utilizing available controls and those specified within the agreement.
Budget requires the licensee to enforce a policy where authorized users log off business systems when not in use or lock their screens when leaving equipment unattended. The business systems must not be remotely operated or accessed by an unauthorized user. Licensees must log all remote logins, whether successful or failed, and these logs must be reviewed at least once per week by senior supervisory personnel for signs of unauthorized access.
Licensees must provide "administrator" or "super-user" access only to employees, agents, and contractors assigned to maintain such systems. A password administrator must assign each authorized user a unique password and User ID, establishing policies and making reasonable efforts to protect the confidentiality of this information. Employees must be instructed to keep passwords and User ID information confidential, avoiding sharing or disclosing them except to the password administrator. Licensees must also disable any "save password" features in software present on their equipment. These measures are designed to protect Budget's confidential information and reduce the risk of unauthorized access and disclosure.