The headlines are replete with news of dispiriting data breaches at some of the world’s top brands (Target, Neiman Marcus, UPS, Goodwill, Michaels, and Home Depot, among many, many others) in which PII (personally identifiable information) was compromised and used for fraudulent purposes.
While there are shifting liability concerns related to these data thefts, for the franchisee whose store is the site of a hacker attack, it makes little difference how the financial details are ultimately settled; its customers will spend considerable time recovering from the incident, with its brand suffering irreparable damage in the eyes of its customers and the public (to wit: Target has suffered four consecutive quarters of struggling sales since its 2013 data breach).
What personal data you are collecting from customers (name, address, credit card information).
Where that data is going (i.e., the path from the card reader to the credit card processing center).
Who owns the data: If it’s being stored in-house, you must know the administrative and tech controls (firewalls, password policies) that are in place.