Is a Southern Steer franchisee required to cooperate with the Franchisor regarding a Breach of Security?
Southern_Steer Franchise · 2025 FDDAnswer from 2025 FDD Document
- (b) Inspection of Security Measures.
Upon the Franchisor's request, the Franchisee will allow, and will require any subcontractor(s) to allow, the Franchisor (or the Franchisor's designees) to inspect the implementation of associated administrative, physical and technical security measures, as the case may be, to assess whether its security program complies with applicable information security requirements.
- (c) Breach of Security.
The Franchisee will notify the Franchisor immediately, but in no event later than two hours, of becoming aware of any actual or suspected Breach of Security (defined below).
Such notice will include the following: (a) date and time that the Franchisee discovered the Breach of Security and the date and time when the breach actually occurred, if discoverable; (b) a detailed description of the Breach of Security; (c) a list of the systems and data at risk, including a list of affected individuals; and (c) a description of remediation actions taken after the Breach of Security was discovered, and what remediation actions the Franchisee proposes to take to prevent further loss, misuse, compromise or unauthorized access to Sensitive Information.
Thereafter, the Franchisee will provide to the Franchisor regular (but at least weekly) reports and updates describing the investigation into the Breach of Security and all corrective or remedial actions taken or to be taken by the Franchisee or its subcontractor, as the case may be, promptly provide any further information that the Franchisor may request in connection with Breach of Security, cooperate with the Franchisor with respect thereto, and comply with applicable laws and regulations.
For purposes of this Agreement, "Breach of Security" will mean unauthorized access to, acquisition of, or disclosure of, Sensitive Information submitted to, or otherwise obtained, held by, or in the custody or control of, the Franchisee or its subcontractors of any tier, agents or other representatives, or a reasonable belief by either the Franchisee or its subcontractor of any tier, agent or representative that such unauthorized access, acquisition or disclosure has occurred.
- (d) Franchisor Actions.
The Franchisor may, in its sole discretion, take any and all actions necessary or reasonable to remedy a Breach of Security, including conducting an investigation into the cause of the Breach of Security and notifying affected persons or government agencies accordingly.
The Franchisee will cooperate and provide the Franchisor with all information reasonably necessary to (a) aid the Franchisor's compliance with all federal and state data breach notification laws and any other laws or regulations that may be applicable to a
Breach of Security; and (b) facilitate the Franchisor's determination of whether the breach was effectively mitigated.
The Franchisee will bear all costs and expenses incurred by the Franchisor related to the Breach of Security and compliance with law, including but not limited to any government fines or penalties imposed on the Franchisor as a result of the Breach of Security.
Alternatively, the Franchisor may require that the Franchisee take action to remedy the Breach of Security at the Franchisee's expense.
Source: Item 22 — ITEM. 22 CONTRACTS (FDD pages 61–168)
What This Means (2025 FDD)
According to the 2025 Southern Steer Franchise Disclosure Document, a franchisee is required to cooperate with Southern Steer regarding a breach of security. Specifically, the franchisee must notify Southern Steer immediately, but no later than two hours, after becoming aware of any actual or suspected breach. The notification must include the date and time of discovery and occurrence (if discoverable), a detailed description of the breach, a list of at-risk systems and data (including affected individuals), and a description of remediation actions taken or proposed.
Following the initial notification, the franchisee must provide regular (at least weekly) reports and updates describing the investigation and all corrective actions. The franchisee must also promptly provide any further information Southern Steer requests and comply with applicable laws and regulations. The FDD defines a "Breach of Security" as unauthorized access to, acquisition of, or disclosure of sensitive information submitted to, or otherwise obtained, held by, or in the custody or control of, the franchisee or its subcontractors, agents, or representatives.
Furthermore, the franchisee must allow Southern Steer (or its designees) to inspect the implementation of security measures to assess compliance with information security requirements upon Southern Steer's request. The franchisee is also obligated to cooperate and provide Southern Steer with all information reasonably necessary to aid in compliance with data breach notification laws and to facilitate the determination of whether the breach was effectively mitigated.
Southern Steer also has the right to take any and all actions necessary or reasonable to remedy a Breach of Security, including conducting an investigation and notifying affected persons or government agencies. The franchisee may be required to take action to remedy the Breach of Security at the franchisee's expense, or the franchisee will bear all costs and expenses incurred by Southern Steer related to the Breach of Security and compliance with law, including any government fines or penalties imposed on Southern Steer as a result of the Breach of Security.