The Franchise Memorandum

Posts in Data Privacy and Security.

This year new and amended privacy laws are going into effect in several states, including California, Virginia, Connecticut, Colorado, and Utah. Read more about the laws in Lathrop GPM’s client alert.

A federal court in Illinois granted a motion to dismiss a Biometric Information Privacy Act (BIPA) claim against a franchisor brought by a franchisee employee. Stauffer v. Innovative Heights Fairview Heights, LLC, 2022 WL 3139507 (S.D. Ill. Aug. 5, 2022).

In response to the uncertainty caused by the European Court of Justice questioning whether Standard Contractual Clauses (last amended in 2004) provide sufficient data protections in the “Schrems II” opinion, the European Commission recently adopted new SCCs.

Franchisors (and franchisees) that control and/or process the data of individuals within the European Union should be aware of the General Data Protection Regulation (“GDPR”) and take affirmative steps to prepare for its imminent roll-out. The GDPR requires businesses to, among other things, implement strict measures to protect the personal data and privacy of EU residents. Failure to comply with the GDPR may result in significant fines and open noncompliant companies to class action lawsuits. Billed as a landmark global standard for data protection and privacy, the GDPR ...

A California federal district court recently denied a hotel’s motion to dismiss a claim that it violated the California Customer Records Act (“CRA”), which requires businesses to “implement and maintain reasonable security measures.” Dugas v. Starwood Hotels & Resorts Worldwide, Inc., 2016 WL 6523428 (S.D. Cal. Nov. 3, 2016). Following a breach of Starwood’s computer system, Paul Dugas, a customer of Starwood’s Sheraton San Diego Hotel, claimed that the hotel and its franchisor violated the CRA by failing to follow industry-standard encryption procedures to ...

After the United States Court of Appeals for the Third Circuit recently affirmed the denial of Wyndham Hotel's motion to dismiss claims that it allegedly violated Section 5 of the FTC Act (as reported in Issue No. 197 of The GPMemorandum), a federal court in New Jersey entered a stipulated order for an injunction resolving the case. FTC v. Wyndham Worldwide Corp., No. 2:13-cv-01887 (D.N.J. Dec. 11, 2015). The complaint filed by the FTC alleged that Wyndham engaged in unfair practices by failing to maintain reasonable and appropriate data security for consumers' sensitive personal ...

Do you transfer customer data from the European Union to the United States? Employee data? If so, you better make sure that you are taking the right steps to comply with the EU data privacy and protection laws. On October 6, 2015, the European Court of Justice ruled that the 15-year-old EU-U.S. Safe Harbor Framework used by over 4,000 American businesses to transfer personal data from the 28 member countries of the European Union to the United States was immediately invalid. Maximillian Schrems v. Data Protection Commissioner, Case C-362/14 (Oct. 6, 2015). Even if a company did not ...

The Third Circuit Court of Appeals recently affirmed the denial of Wyndham Hotels' motion to dismiss a case brought by the FTC for unfair and deceptive trade practices. FTC v. Wyndham Worldwide Corp., 2015 WL 4998121 (3d Cir. Aug. 24, 2008). The FTC alleged that franchisor Wyndham Hotels & Resorts, along with its affiliates, engaged in deceptive practices by misrepresenting that it used standard and commercially reasonable practices to secure guest data, and engaged in unfair practices by failing to protect customer data. The claims arose after a criminal organization hacked into ...

According to public releases by Jimmy John's (the sandwich shop franchisor) and Signature Systems (the point of sale (POS) system provider for 216 Jimmy John's locations), malware was installed on those POS systems through use of a user name and password used for purposes of remote administration. This type of remote access has been an ongoing source of unauthorized access to POS systems for some time and has affected other franchised retail businesses. Here are six quick lessons franchisors should learn from these attacks:

  1. Know Your Vendor. The breach at Jimmy John's has been traced ...

About this Publication

The Franchise Memorandum is a collection of posts summarizing recent legal developments of interest to franchisors, brought to you by Lathrop GPM LLP.
