For the second time in a year, Marriott's franchisee White Lodging Services Corporation has experienced a data breach of its point-of-sale systems. As reported by KrebsOnSecurity, the breach extended over a seven-month period and exposed thousands of guests' credit and debit card information.

Notably, franchisors and franchisees can take some relatively simple steps on the front end to mitigate the effects of a data breach involving the disclosure of payment card information, including:

  • ensuring that franchise agreements require compliance with the Payment Card Industry Data Security Standard (PCI DSS), as well as breach notification;
  • procuring cyber insurance with sufficient coverage for legal defense costs and fines, along with other costs, including, but not limited to, forensic investigations and crisis management; and
  • negotiating vendor agreements that provide for PCI DSS compliance and for indemnity by the vendor.

Of course, these simple steps are not without their nuances. But recognizing their importance now and addressing them systematically as part of a comprehensive risk management plan is the most effective way to minimize damages in the event of a breach.
