What is a Cinnabon franchisee required to do if they suspect or know of a security breach?
Cinnabon Franchise · 2025 FDDAnswer from 2025 FDD Document
If you suspect or know of a security breach, you must immediately give us notice of such security breach and promptly identify and remediate the source of any compromise or security breach at your expense.
You assume all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the Franchised Business.
- 12.3 Data Breach Notification.
If you learn of an incident that may be a "breach of the security of the system" under Cal.
Civ.
Code § 1798.82 or any other data breach notification Law, you must immediately notify us of the facts that are known about the incident (a "Data Breach").
Although you are responsible for complying with all data breach notification Laws and standards applicable to your organization, we expect that you will coordinate with us regarding such incidents where notification to individuals is required before individuals are notified so that we can be aware of and be prepared to address issues that may affect the System and be in a position to support you where possible.
In the event of an actual or suspected Data Breach, you grant us and our designees and agents the right, exercisable in our sole and absolute discretion, to conduct an investigation of the incident and to install, run, and maintain any hardware, software, or code on your Computer System or in your computer network necessary or advisable to facilitate the investigation and to contain and remediate the incident, and you agree to cooperate with us and to provide us with any access and information we may reasonably request for those purposes.
Nothing in the preceding sentence shall relieve you of your obligation to comply with applicable laws, regulations, rules, standards or any equivalent thereof concerning an actual or suspected Data Breach.
You are responsible for any costs or financial losses you incur or remedial actions that you must take as a result of an actual or suspected Data Breach.
Source: Item 23 — Receipts (FDD pages 114–399)
What This Means (2025 FDD)
According to Cinnabon's 2025 Franchise Disclosure Document, if a franchisee suspects or knows of a security breach, they must immediately notify Cinnabon of the breach. The franchisee is also required to promptly identify and remediate the source of the security breach at their own expense. This includes providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the franchised business.
Furthermore, if the incident is considered a "breach of the security of the system" under Cal. Civ. Code § 1798.82 or any other data breach notification Law, the franchisee must immediately notify Cinnabon of the known facts about the incident, which is termed a "Data Breach". While the franchisee is responsible for complying with all data breach notification laws and standards, they are expected to coordinate with Cinnabon regarding incidents requiring individual notification. This coordination ensures Cinnabon is aware and prepared to address issues that may affect the entire Cinnabon system and to support the franchisee where possible.
In the event of an actual or suspected Data Breach, the franchisee grants Cinnabon and its designees the right to investigate the incident. This includes installing and maintaining hardware, software, or code on the franchisee's computer system to facilitate the investigation and to contain and remediate the incident. The franchisee must cooperate with Cinnabon and provide any access and information reasonably requested for these purposes. The franchisee is responsible for any costs or financial losses incurred or remedial actions that must be taken as a result of an actual or suspected Data Breach.
These requirements highlight the importance of data security for Cinnabon franchisees and the potential financial burden they may face in the event of a breach. Prospective franchisees should carefully consider these obligations and ensure they have adequate security measures in place to protect customer data and mitigate the risk of a security breach.