What minimum level of encryption is required for electronic data transmission containing confidential, credit card, or PII data that traverses any network and is processed by Budget Licensee's business systems or networks with access to the System?

According to Budget's 2025 Franchise Disclosure Document, a minimum of 128-bit encryption must be used for electronic data transmission containing confidential information, credit card data, or Personally Identifiable Information (PII). This encryption requirement applies to data that is transmitted across any network and processed by the Budget licensee's business systems or networks that have access to Budget's system. For data encryption in storage, such as email or local media, industry standard encryption tools must be utilized.

This requirement ensures that sensitive data is protected during transmission, reducing the risk of unauthorized access or interception. Franchisees must implement and maintain this level of encryption to comply with Budget's security policies and procedures. This is a standard security practice in the franchise industry, particularly for brands that handle sensitive customer data.

Additionally, Budget specifies that wireless networking is generally not acceptable for systems interfacing with their system. If a franchisee needs to use wireless networking, it must be protected with a minimum of WPA-2 encryption, and the encryption keys must be changed quarterly. MAC address filtering should also be implemented to restrict network access to known devices only. These additional security measures further protect the Budget system and customer data from potential threats.