What is a Dog Haus franchisee's responsibility regarding the security of cardholder data processed by subcontractors?
Dog Haus Franchise · 2025 FDD
Answer from 2025 FDD Document
Franchisee shall be and remain responsible for the security of cardholder data in the possession or control of any subcontractors Franchisee engages to process credit cards.
All subcontractors must be identified to and approved by Franchisor in writing prior to sharing cardholder data with the subcontractor.
Franchisee shall, if requested to do so by Franchisor, provide appropriate documentation to Franchisor to demonstrate compliance with applicable PCI DSS requirements by Franchisee and all identified subcontractors.
Source: Item 22 — CONTRACTS (FDD page 87)
What This Means (2025 FDD)
According to Dog Haus's 2025 Franchise Disclosure Document, a franchisee is responsible for the security of cardholder data even when that data is in the possession or control of subcontractors they hire to process credit cards. This means that if a franchisee uses a third-party service to handle credit card transactions, the franchisee is still accountable for ensuring that the subcontractor protects the data according to industry standards.
Dog Haus requires that all subcontractors who will handle cardholder data must be identified and approved by Dog Haus in writing before any data is shared with them. This approval process likely involves Dog Haus assessing the subcontractor's security measures and compliance with data protection standards.
Furthermore, Dog Haus franchisees must provide documentation to Dog Haus, if requested, demonstrating that both the franchisee and their subcontractors comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Franchisees can find the most current standards at www.pcisecuritystandards.org. This requirement ensures that franchisees actively monitor and verify their subcontractors' adherence to security protocols, adding another layer of protection for cardholder data.
In practice, this means a Dog Haus franchisee needs to carefully vet any potential subcontractors, ensure they have robust security measures in place, and continuously monitor their compliance with PCI DSS. Failure to do so could result in data breaches, legal liabilities, and damage to the Dog Haus brand. Franchisees should maintain open communication with Dog Haus regarding their subcontractors and promptly address any security concerns that arise.