What laws must a Cicis franchisee comply with regarding the collection, storage, and processing of personal information?

According to Cicis's 2025 Franchise Disclosure Document, franchisees are responsible for complying with all laws related to the collection, storage, and processing of personal information. This includes obtaining necessary permissions for collecting such data. Personal information is defined as data that can be used to identify an individual, such as names, addresses, telephone numbers, email addresses, employee identification numbers, signatures, passwords, financial information, credit card information, biometric or health data, government-issued identification numbers, and credit report information.

Cicis franchisees must implement administrative, physical, and technical safeguards to protect and appropriately dispose of any personal information they collect or store. These safeguards must align with all applicable laws and industry best practices. This means franchisees need to establish and maintain a secure system that prevents unauthorized access, use, or disclosure of personal information, and they must properly dispose of such information when it is no longer needed.

Furthermore, the FDD states that franchisees must immediately notify Cicis of any suspected or actual breach of security or unauthorized access involving personal information. This immediate notification is crucial for Cicis to take appropriate steps to mitigate any potential damage and ensure compliance with data protection laws. The franchisee bears the expense of adhering to these information security requirements.