What is the deadline for a Fitstop franchisee to alert the franchisor of a suspected data security breach?
Fitstop Franchise · 2024 FDDAnswer from 2024 FDD Document
It is your responsibility to alert us, not later than 24 hours following a suspected or confirmed data security breach, so that appropriate action can be taken to protect customer data and notify relevant parties. You are not permitted to collect, store, transfer, etc. any unnecessary customer information.
Source: Item 11 — FRANCHISOR'S ASSISTANCE, ADVERTISING, COMPUTER SYSTEMS, AND TRAINING (FDD pages 24–35)
What This Means (2024 FDD)
According to Fitstop's 2024 Franchise Disclosure Document, a franchisee must notify Fitstop of a suspected or confirmed data security breach no later than 24 hours after its discovery. This swift notification is crucial so that Fitstop can take appropriate actions to protect customer data and inform any relevant parties.
This requirement places a significant responsibility on the Fitstop franchisee to have systems in place for detecting and responding to potential data breaches. The franchisee is also responsible for all costs associated with data security issues, including breaches, security threats, and malware. This includes adhering to Payment Card Industry (PCI) and Data Security Standard (DSS) regulations.
For a prospective Fitstop franchisee, this means understanding and budgeting for robust data security measures. Failing to report a breach within the specified timeframe could lead to penalties or other repercussions outlined in the franchise agreement. Furthermore, franchisees must avoid collecting and storing unnecessary customer information to minimize potential data security risks.