If a Cyber Event occurs, does City Wide have an obligation to respond?
City_Wide Franchise · 2025 FDDAnswer from 2025 FDD Document
Franchisee will exert its best efforts to protect each Technology System against a cyber event including any claims related to data breach, identify theft or theft of personal information ("Cyber Event").
If a Cyber Event occurs, City Wide reserves the right, but shall not have any obligation, to perform and/or control and/or cause its third-party consultants to perform and/or control all aspects of the response to the Cyber Event including, without limitation, the investigation, containment and resolution of the Cyber Event and all communications.
City Wide's control of the response to a Cyber Event shall not create any liability for City Wide or additional rights for Franchisee, entitle Franchisee to damages or relieve Franchisee of Franchisee's indemnification obligations under Section 7.
Franchisee shall reimburse City Wide for all of City Wide's out-of-pocket costs and expenses incurred in responding to and remedying any Cyber Event if such Cyber Event is conclusively determined to have been caused solely by Franchisee or directly related to Franchisee's Franchised Business operations.
Source: Item 22 — CONTRACTS (FDD page 65)
What This Means (2025 FDD)
According to City Wide's 2025 Franchise Disclosure Document, City Wide is not obligated to respond to a Cyber Event. While City Wide reserves the right to perform or control all aspects of the response, including investigation, containment, resolution, and communications, it is explicitly stated that they have no obligation to do so. This means that in the event of a data breach, identity theft, or theft of personal information, the franchisee may be largely responsible for managing the situation.
City Wide's control of the response to a Cyber Event does not create any liability for City Wide or additional rights for the franchisee, nor does it entitle the franchisee to damages or relieve them of their indemnification obligations. This indicates that the franchisee bears significant responsibility for protecting their Technology System against cyber threats and for any consequences arising from a Cyber Event.
Furthermore, the franchisee is required to reimburse City Wide for all out-of-pocket costs and expenses incurred in responding to and remedying any Cyber Event if it is conclusively determined to have been caused solely by the franchisee or directly related to the franchisee's business operations. This highlights the importance of the franchisee maintaining compliance with data privacy and security laws and obtaining advice from their own legal and security consultants to ensure they operate the franchised business in full compliance with data security safeguards.