Under what circumstances is a Budget licensee permitted to implement new security measures that differ from those mandated by ABCR?
Budget Franchise · 2025 FDDAnswer from 2025 FDD Document
new security measures than ABCR unless a specific, identified risk or threat uniquely exposes or affects Licensee.
- (c) If Licensee fails to install, maintain, implement and observe the Controls as mandated by ABCR in written procedures, Licensee will be in material breach of the Rental System Agreement, the License Agreement and responsible for any resulting damage or expense incurred by ABCR and the System.
Licensee will be responsible for the expense required to correct any non-conformity of Licensee's Equipment or communication systems employed by Licensee with the System, including non-PCI compliance.
As a result of any such material breach, Licensee will be suspended from network access until the failure is remedied to ABCR'S satisfaction.
If any such failure happens more than twice within any one-year period, ABCR may also, at its discretion, suspend permanently Licensee's connection to the System via the Internet, and require Licensee to follow dedicated connection procedures at Licensee's expense as provided in the Rental System Agreement.
(d) Licensee will be responsible for any damage suffered by ABCR and/or the System as a result of unauthorized access, use or code or file transmission from Licensee's Equipment during any period in which the Controls are not in place on Licensee's Equipment.
(e) Licensee is responsible for the actions of all of its authorized users who have access to Licensee's Equipment at Licensee's locations, regardless of the location of the persons or the means by which such persons access the Equipment.
This responsibility exists regardless of the security mechanisms that are in place.
This responsibility also extends to actions taken by persons who are not authorized to (i) use Licensee's Equipment but who use Licensee's Equipment while physically located at one of Licensee's locations or (ii) access the System remotely but nevertheless have such access due to Licensee's intentional or negligent act or omission.
Licensee is expected to employ the Controls available, and commercially reasonable security mechanisms and procedures including those specified herein.
Source: Item 23 — RECEIPTS (FDD pages 80–426)
What This Means (2025 FDD)
According to Budget's 2025 Franchise Disclosure Document, a licensee is permitted to implement new security measures that differ from those mandated by ABCR (presumably Budget's parent company or a related entity overseeing security standards) only when a specific, identified risk or threat uniquely exposes or affects the licensee. This suggests that while Budget has standard security protocols, franchisees can adapt and enhance security to address particular vulnerabilities they face.
However, the FDD also stipulates that if a Budget licensee fails to install, maintain, implement, and observe the security controls mandated by ABCR in written procedures, they will be in material breach of their agreements. This breach makes the licensee responsible for any resulting damage or expense incurred by ABCR and the Budget system. Furthermore, such a breach can lead to suspension from network access until the failure is remedied to ABCR's satisfaction. If the failure occurs more than twice within a year, ABCR may permanently suspend the licensee's connection to the system via the Internet and require them to follow dedicated connection procedures at their own expense.
Budget licensees are responsible for any damage suffered by ABCR and/or the system due to unauthorized access, use, or code/file transmission from their equipment if the mandated security controls are not in place. This responsibility extends to the actions of all authorized users and even unauthorized users who access the system due to the licensee's intentional or negligent act or omission. Licensees are expected to employ the available controls and commercially reasonable security mechanisms and procedures. Therefore, while some flexibility exists to address unique risks, strict adherence to ABCR's mandated security controls is critical to avoid breaches and potential penalties.