Gavin George and Marc Legrand for Law360: Franchisors Must Find the Right Data Security Balance


In recent years, a number of franchisors have fallen victim to data breaches, including Jimmy John’s,[1] Dairy Queen,[2] The UPS Store,[3] Wyndham and SuperValu.[4] Between lost goodwill, the cost of investigating and responding to the breach, private lawsuits, and government enforcement actions, it’s no surprise that such data breaches are expensive. In 2014, the Ponemon Institute estimated that U.S. organizations paid an average of $5.9 million dollars per data breach.[5]

Franchisors strive to avoid liability for the acts and omissions of individual franchisees, including acts or omissions that contribute to data breaches. That motivation, however, is in tension with the franchisor’s desire to exert sufficient control over franchisees to protect its brand from reputational harm. After a data breach, affected plaintiffs or the Federal Trade Commission may attempt to establish the franchisor’s liability by proving that the franchisor wielded a substantial level of control over the franchisee’s day-to-day operations, especially the particular aspects most related to the breach.

Excerpted from Law360. To read the full article, click here (subscription required).

Email Disclaimer