At the National Franchise Conference 2016, technology was unsurprisingly a hot topic. But the talk wasn’t about the software or the benefit of being online; the technology talk this year was a little, well, darker – namely, cyber security and threats technology can pose in the franchising sphere.
While technology is certainly impacting the development of franchising in Australia, we should embrace it with caution. Establishing systems to protect the valuable intellectual property and data is at the core of every franchise brand. This article will explore the technology threats in franchising, solutions available, and some practical steps you can implement as a franchisor.
What are the Technology Threats in Franchising?
Breaches of cyber security and unwarranted access to online records and data represent a real threat to franchise brands – particularly in the context of protecting intellectual property and maintaining ongoing compliance with the law, such as the Australian Privacy Law.
Some examples of direct threats include:
- Database hacking, whereby private information is made public;
- Theft of data;
- Breach of confidentiality obligations through provision of confidential information externally (whether through a deliberate hack or inadvertent act of a team member);
- Use of hacking systems, such as malware, phishing emails and ransomware.
Some practical examples of potential data threats include:
- A third party maliciously obtaining access to systems information to replicate to competition;
- An individual franchisee not understanding their confidentiality obligations, and inadvertently disclosing a key piece of information on an online forum, to which competitors have access;
- An internal staff member of the franchisor inadvertently attaching a database of all client information to a third party, in breach of the privacy laws;
- Hacking and leaking upcoming promotional campaigns to the market;
- A denial of service attacks causing franchise software to become inoperable for a period.
What Solutions are Available?
On a broader level, the Australian Government is aware of the huge toll these threats have in the industry and is set to introduce mandatory breach notification laws. At a franchisor level, it is in all parties’ interests to take the issue seriously. Franchisors should provide resources and funds to avoid a data security breach, and have a proper process in place to deal with one if it does unfortunately occur. We have set out some practical steps that you can take below.
1. Prescribe Only Trusted Software
It is not uncommon for franchisees to collect customer information through some online format, with the franchisor often having access. If this is the situation in your franchise, having in place adequate software to protect that information is not only necessary for the maintenance of good customer relations, but also ensures compliance with Australian Privacy Law.
2. Have in Place a Data Breach Policy That is Operative Across the Network
Having a network-wide policy as to the use and access of information and software, data storage procedures and the actions to be taken in the event of an actual or threatened breach makes good business sense. Put this in the Operations Manual and make sure every franchisee signs it off.
3. Customise Your Confidentiality Provisions in the Franchise Agreement
Confidentiality provisions are not a one size fits all affair. Similarly, you should be very reluctant to rely on a clause drafted many years ago. Ideally, your confidentiality clause should capture all data, software and systems.
4. Train Your Franchisees
Having all these systems in place is pointless if you will not enforce them at ground level. Have an online webinar, run a session at your next conference – the method in which you decide to present information isn’t important, provided it helps your franchisees.
5. Undertake a Systems Audit
Look not only at the systems you have in place, but who has access to it, how you share information across the network, and how you store your valuable information.
6. Obtain Cyber Risk Insurance
Obtaining cyber risk insurance is an easy way to mitigate risk. This can be particularly useful in the service industries where a data breach can be disastrous.
7. Have a Privacy Policy and Train Franchisees
Requiring franchisees to acknowledge the practical effects of the National Privacy Principles is easy enough to incorporate into your Operations Manual and have franchisees sign. Going one step further, you can introduce a general privacy policy across the network, requiring all staff to be trained before gaining access to systems.
***
Have any further questions about how you might implement some of these changes to your franchise? Get in touch with our expert franchise lawyers on 1300 544 755.