What is a Hardees franchisee required to do in the event of a suspected data breach?
Hardees Franchise · 2025 FDDAnswer from 2025 FDD Document
Franchisee agrees to utilize administrative, physical, and technical safeguards designed to protect systems and data from unauthorized access, disclosure, acquisition, destruction, use, or modification that are consistent with industry standards and best practices. Franchisee further agrees to adhere to any applicable law relating to data security. In the event of a suspected or actual data breach, Franchisee will notify HR within 24 hours of becoming aware of the actual or suspected data breach and provide timely updates and information when requested by HR. Franchisee will comply with industry standards and best practices regarding breach reporting and notification obligations and take all necessary and appropriate corrective action to remedy the data breach, prevent a recurrence of such a breach, and avoid and/or prevent any further loss or damage arising from the data breach.
Franchisee must notify HR immediately of any suspected data breach at or in connection with the Franchised Restaurant or the business operated at the Franchised Restaurant. Franchisee must fully cooperate with HR and its counsel in determining the most effective way to meet HR's standards and policies pertaining to Privacy Laws, including those governing notification of a data breach. Franchisee is
responsible for any financial losses it incurs or remedial actions that it must take as a result of breach of security or unauthorized access to Consumer Information in Franchisee's control or possession.
Source: Item 22 — Contracts (FDD page 85)
What This Means (2025 FDD)
According to Hardees' 2025 Franchise Disclosure Document, franchisees have specific obligations regarding data security and breach response. If a Hardees franchisee suspects or experiences a data breach, they must notify Hardees within 24 hours of becoming aware of the issue. This quick notification allows Hardees to begin assessing the situation and coordinate a response.
Beyond the initial notification, the franchisee must provide timely updates and information to Hardees as requested. This ensures that Hardees remains informed about the evolving situation and can offer appropriate guidance and support. The franchisee is also required to comply with industry standards and best practices for breach reporting and notification, demonstrating a commitment to responsible data handling.
Furthermore, the Hardees franchisee must take all necessary and appropriate corrective actions to remedy the data breach, prevent future occurrences, and avoid further loss or damage. This includes addressing the vulnerabilities that led to the breach, implementing stronger security measures, and taking steps to mitigate any harm to affected parties. The franchisee is also responsible for any financial losses or remedial actions resulting from a security breach or unauthorized access to consumer information under their control.