Skip to Content
April 20, 2015 Article 2 min read

The headlines are replete with news of dispiriting data breaches at some of the world’s top brands (Target, Neiman Marcus, UPS, Goodwill, Michaels, and Home Depot, among many, many others) that have compromised PII (personally identifiable information) and used it for fraudulent purposes.

While there are shifting liability concerns related to these data thefts, for the franchisee whose store is the site of a hacker attack, it makes little difference how the financial details are ultimately settled; its customers will spend considerable time recovering from the incident, with its brand suffering irreparable damage in the eyes of its customers and the public (to wit: Target has suffered four consecutive quarters of struggling sales since its 2013 data breach).

The risk associated with handling customer data varies among franchises. In some cases, the franchisor will provide the POS system and the franchisee will merely swipe customers’ cards without any data being stored at the local store level; while in other instances, the franchisee may manage the system and store and transmit sales data to credit card processors.
 
In either case, the key focus must be securing customer information, which requires your understanding of three fundamental elements:
  1. What
    What personal data you are collecting from customers (name, address, credit card information). 
  2. Where
    Where that data is going (i.e., the path between the card-reader to the credit card processing center).
  3. Who
    Who owns the data: If it’s being stored in-house, you must know the administrative and tech controls (firewalls, password policies) that are in place.
As an example, if you are a franchisee for a mobile phone company, you will need to obtain the Social Security numbers of your customers. When gathering that information, what are your procedures for handling that data at the store? Are you touching their credit cards?
 
Or do the customers swipe the details? Whatever the ultimate procedures, you must have strict guidelines in place and ensure your employees are trained properly.
 
If you don’t feel confident storing customer data, outsource the responsibility to a reputable third party. Many are cloud-based and offer far more expertise than a small- or medium-size company can afford in-house.
 
For the growing franchisor/ee, your liabilities escalate as you handle and process greater amounts of data. Data breaches impact not just the compromised store but also every location that shares the brand affiliation.
 
In addition to impacting customer loyalties, there are high legal and credit monitoring fees associated with post-breach remediation. There are no shortcuts here. The long-term viability of your brand depends on you implementing the right solutions.