What standard of care is Even Hotels required to use to protect Confidential Information?
Even_Hotels Franchise · 2025 FDDAnswer from 2025 FDD Document
Hotel shall use commercially reasonable care and discretion to avoid unauthorised use, disclosure, publication, or dissemination of Confidential Information (which shall be no less than the standard of care used by Hotel to protect its Confidential Information of a similar nature).
7. Security Practices.
- 7.2 Licensee shall be responsible for ensuring adequate security and backup procedures to avoid unauthorized access to, use of, or inadvertent loss of data and shall, in its discretion, determine appropriate security, which shall be no less than the standard of care in the industry. Without limiting Licensee's obligations set forth in subparts 7.1.1, 7.1.2 and 7.1.3 above, Licensee will comply with any additional security and data protection practice requirements that IHG will provide to Licensee in writing, which may be updated from time to time (the "Security Practices"). IHG may, in its sole discretion, amend the Security Practices at any time without prior notice (each, a "Security Practices Update"). A Security Practices Update may include additional terms and conditions, including the additional obligations of Licensee. Licensee will comply with any Security Practices Update within thirty (30) days following the date of the Security Practices Update and will comply with any changes to applicable laws, contractual obligations, and industry requirements (including PCI DSS and any successor standard) within the time period provided by such law or industry requirement.
Source: Item 23 — RECEIPTS (FDD pages 99–438)
What This Means (2025 FDD)
According to Even Hotels' 2025 Franchise Disclosure Document, franchisees must exercise a certain level of care to protect confidential information. Specifically, Even Hotels requires franchisees to use commercially reasonable care and discretion to avoid unauthorized use, disclosure, publication, or dissemination of Confidential Information. This standard must be no less than the level of care the franchisee uses to protect its own confidential information of a similar nature.
This means that franchisees must implement security measures and protocols that are at least as robust as those they use to safeguard their own sensitive business data. This obligation extends to protecting confidential information disclosed by HotelKey, IHG, or an IHG Affiliate, whether it's communicated orally, electronically, or in physical form. The term 'Confidential Information' includes data marked as confidential or proprietary, information reasonably identifiable as confidential, or information that should reasonably be understood as confidential given its nature and the circumstances of its disclosure.
Furthermore, Even Hotels franchisees are responsible for ensuring adequate security and backup procedures to prevent unauthorized access, use, or inadvertent loss of data. While franchisees have discretion in determining appropriate security measures, these must meet or exceed the standard of care in the industry. This includes complying with all applicable laws, data privacy laws, contractual obligations, and requirements of the credit card processing industry, such as PCI DSS. Franchisees must also adhere to all IHG policies, requirements, and requests concerning access to any Curated Solution, network connectivity, and transmission of data and reports to IHG and its Affiliates.
In addition to the general standard of care, Even Hotels franchisees must also comply with any additional security and data protection practice requirements that IHG provides in writing, which may be updated from time to time. Franchisees are required to comply with these updates within thirty days of their issuance and must also adhere to any changes to applicable laws, contractual obligations, and industry requirements within the time period specified by such law or industry requirement. This ensures that franchisees maintain up-to-date security practices in line with evolving threats and regulations.