What are the Gramm-Leach-Bliley Privacy Act requirements for Byrider franchisees?

According to the 2025 Byrider Franchise Disclosure Document, franchisees must adhere to the Gramm-Leach-Bliley Privacy Act. The FDD mentions a "STANDARD: Gramm-Leach-Bliley Privacy Act requirements" and a "Customer Information Security Plan," indicating that Byrider has specific protocols in place to ensure compliance with this act. Additionally, there is a "Red Flag Program" listed, which is related to identity theft prevention, a key component of the Gramm-Leach-Bliley Act.

Furthermore, Byrider franchisees are obligated to implement administrative, physical, and technical safeguards to protect personal information, including names, addresses, financial information, and credit card details. This obligation extends to complying with all applicable laws and industry best practices related to the collection, access, use, storage, disposal, and disclosure of personal information. Franchisees are responsible for confirming that their safeguards comply with these laws, even if Byrider provides assistance or guidance.

If a Byrider franchisee becomes aware of a security breach or unauthorized access to personal information, they must immediately notify Byrider and specify the extent of the compromise. The franchisee must also follow Byrider's instructions regarding corrective actions and public statements related to the breach. Franchisees must comply with Byrider's privacy policy, as it may be amended, and adhere to requests to return or delete personal information as required by data sharing and privacy laws.

In practical terms, this means Byrider franchisees must invest in and maintain robust data security systems and practices. They need to stay updated on privacy laws and regulations, train their staff on data protection, and have a plan in place for responding to data breaches. Failure to comply with these requirements could result in legal penalties and damage to Byrider's reputation.