What is the Burneys Sweets More franchisee's responsibility regarding security breaches?
Burneys_Sweets_More Franchise · 2025 FDDAnswer from 2025 FDD Document
Except to the extent required by applicable law, no public disclosure of any instance of such unauthorized access or breach shall be made by Franchisee unless Franchisor has authorized the provision of notice and the form of such notice in writing.
Franchisee shall reimburse Franchisor for all reasonable Notification and Remediation Related Costs (hereinafter defined) incurred by Franchisor arising out of or in connection with any such Security Breach that is directly or indirectly caused by Franchisee or its personnel. "Notification and Remediation Related Costs" shall include Franchisor's internal and external costs associated with addressing and responding to the Security Breach, including but not limited
- to: (i) preparation and mailing or other transmission of legally required notifications to affected individuals, regulators and attorneys general; (ii) preparation and mailing or other transmission of such other communications to customers, agents or others as Franchisor deems reasonably appropriate; (iii) establishment of a call center or other communications procedures in response to such Security Breach (e.g., customer service FAQs, talking points and training); (iv) engagement of information technology consultants, public relations and other similar crisis management services; (v) payment of legal and accounting fees and expenses associated with Franchisor's investigation of and response to the Security Breach; and (vi) payment of costs for commercially reasonable credit reporting services that are associated with legally required notifications or are advisable under the circumstances.
Franchisee Indemnifying Parties (as defined in Section 19 of this Agreement) agree to hold harmless, defend and indemnify Franchisor Indemnified Parties (as defined in Section 19 of this Agreement) from and against any and all losses, expenses, judgments, claims, attorney fees and damages arising out of or in connection with any claim or cause of action in which Franchisor Indemnified Parties shall be a named defendant and which arises, directly or indirectly, out of the operation of, or in connection with a Security Breach or Franchisee Indemnifying Parties', or their officers', directors', agents' or employees' violation of any Privacy Law, Data Protection and Security Policies, consumer protectionrelated law or regulation, e-mail marketing and other marketing laws and regulations, and the PCI-DSS.
Source: Item 22 — CONTRACTS (FDD page 50)
What This Means (2025 FDD)
According to Burneys Sweets More's 2025 Franchise Disclosure Document, franchisees have specific responsibilities regarding security breaches. The franchisee cannot publicly disclose any unauthorized access or breach unless Burneys Sweets More has authorized the notice and its form in writing. This ensures that all public communication is controlled and consistent with the brand's standards.
Furthermore, the franchisee is responsible for reimbursing Burneys Sweets More for all reasonable Notification and Remediation Related Costs that the franchisor incurs due to a security breach directly or indirectly caused by the franchisee or their personnel. These costs include expenses related to notifying affected individuals and regulators, establishing call centers, engaging IT consultants and public relations services, covering legal and accounting fees, and providing credit reporting services. This means a franchisee could face significant financial liability if a breach occurs due to their actions or negligence.
The franchisee must also indemnify Burneys Sweets More against any losses, expenses, judgments, claims, attorney fees, and damages arising from any claim or cause of action in which Burneys Sweets More is named as a defendant, if the claim arises directly or indirectly from a security breach or the franchisee's violation of privacy laws, data protection and security policies, consumer protection laws, e-mail marketing regulations, or the PCI-DSS. This indemnification clause further protects Burneys Sweets More from financial and legal repercussions resulting from the franchisee's actions or failures related to data security and compliance.