How long must a Camp Margaritaville franchisee retain information relating to a security incident?

According to Camp Margaritaville's 2025 Franchise Disclosure Document, a franchisee must retain all information relating to a security incident until Camp Margaritaville consents in writing to its destruction. This requirement ensures that Camp Margaritaville has access to all relevant data for as long as it deems necessary, potentially for ongoing investigations, audits, or legal compliance.

This stipulation places a potentially indefinite retention obligation on the franchisee. Unlike fixed retention periods (e.g., 5 years), the franchisee cannot dispose of the information until they receive explicit written permission from Camp Margaritaville. This could be a considerable burden, requiring franchisees to maintain secure storage and access to the data for an unspecified duration.

For a prospective Camp Margaritaville franchisee, this means understanding and preparing for the long-term storage and management of security incident data. It would be prudent to inquire with Camp Margaritaville about typical retention periods and the criteria they use to determine when to authorize data destruction. Additionally, franchisees should factor in the potential costs associated with indefinite data retention when assessing the overall investment and operational expenses of the franchise.