Who is responsible for protecting customer data from cyberattacks at a Floyds 99 franchise?

According to the 2025 Floyds 99 Franchise Disclosure Document, the franchisee is solely responsible for protecting customer data from cyberattacks or unauthorized access. The franchisee also waives any claim against Floyds 99 as a result of such attacks or unauthorized access. This means that if a Floyds 99 shop experiences a data breach, the franchisee will bear the responsibility for managing the incident and any associated costs or liabilities.

To ensure data security, Floyds 99 franchisees must purchase, install, and implement computer data security hardware and software, firewall protection, and security breach insurance through Floyds 99's designated or approved supplier. Franchisees must also comply with Floyds 99's standards and specifications, including using Floyds 99's designated credit card processing service and taking security measures that comply with PCI Security Standards.

Furthermore, franchisees must comply with all applicable federal, state, and local laws and regulations concerning the storage, handling, use, and protection of customer data. They must also adhere to any data protection and breach response policies that Floyds 99 establishes and must not use or disclose customer data in a way that violates Floyds 99's published privacy policy. Franchisees are required to immediately notify Floyds 99 of any actual or suspected data breach or cyberattack at or in connection with the Floyds 99 shop and/or customer data.

These stipulations highlight the importance of data security for Floyds 99 franchisees. Franchisees should carefully consider the costs associated with implementing and maintaining adequate security measures, as well as the potential liabilities in the event of a data breach. It is also important to understand and comply with all applicable laws and regulations, as well as Floyds 99's data protection policies.