factual

What is a Carls Jr. franchisee required to do in the event of a suspected data breach?

Carls_Jr Franchise · 2025 FDD

Answer from 2025 FDD Document

In the event of a suspected or actual data breach, Franchisee will notify CJR within 24 hours of becoming aware of the actual or suspected data breach and provide timely updates and information when requested by CJR. Franchisee will comply with industry standards and best practices regarding breach reporting and notification obligations and take all necessary and appropriate corrective action to remedy the data breach, prevent a recurrence of such a breach, and avoid and/or prevent any further loss or damage arising from the data breach.

Franchisee must notify CJR immediately of any suspected data breach at or in connection with the Franchised Restaurant or the business operated at the Franchised Restaurant. Franchisee must fully cooperate with CJR and its counsel in determining the most effective way to meet CJR's standards and policies pertaining to Privacy Laws, including those governing notification of a data breach. Franchisee is responsible for any financial losses it incurs or remedial actions that it must take as a result of breach of security or unauthorized access to Consumer Information in Franchisee's control or possession.

Source: Item 22 — CONTRACTS (FDD pages 75–76)

What This Means (2025 FDD)

According to the 2025 Carls Jr. Franchise Disclosure Document, a franchisee has specific obligations in the event of a suspected or actual data breach. The franchisee must notify Carls Jr. within 24 hours of becoming aware of the breach. They must also provide timely updates and information as requested by Carls Jr.

Carls Jr. franchisees must comply with industry standards and best practices for breach reporting and notification. This includes taking all necessary and appropriate corrective actions to remedy the data breach, prevent it from happening again, and avoid any further loss or damage resulting from the breach.

In addition, the franchisee must immediately notify Carls Jr. of any suspected data breach at or connected to the franchised restaurant or its business. The franchisee is required to fully cooperate with Carls Jr. and its counsel to determine the most effective way to meet Carls Jr.'s standards and policies regarding privacy laws, including those governing data breach notification. Ultimately, the franchisee is responsible for any financial losses incurred or remedial actions required due to a security breach or unauthorized access to consumer information under their control.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.
All Carls_Jr 2025 FAQs Ask FDD Ninja