Online Privacy Issues for Franchisors and Franchisees

Published on June 18, 2015

I. Introduction

Many franchisors utilize their website as a tool to advertise and to solicit information from prospective franchisees. The franchisor may then contact the prospect or even pre-qualify the potential inquirer while on-line. This article examines the rights and responsibilities of franchisees providing information and franchisors collecting and using the information. Instead of a review of case law and statutes, we will look at the practicalities.

Franchisee Perspective. Suppose you are a prospective franchisee and desire to ascertain if a franchise business is right for you. You could pursue this by obtaining various business opportunity guides, reading ads in various publications, visiting a franchise convention, visiting franchise sites on-line, calling a franchisor or franchisee and visiting a franchise location, among other methods. Of these approaches, one method you can pursue at home with minimal cost is to undertake some on-line visits. These visits seem like quick, safe ways to learn basic information about a franchisor and the franchisor’s system, so you start your search. After viewing a colorful, professional web site, you are asked to provide your name, address, phone number and/or e-mail address so the franchisor may contact you. You hesitate because you do not like just entering your name in cyberspace. Will salespeople hound you? Worse yet, will your information end up on some e-mail or direct mail marketing list? Looking closer, you see that the web site also can be used to start the pre-qualification process to become a franchisee. You are asked to provide more personal information, such as educational background, work experience, financial information, etc. This catches you a little off guard. You can call the franchisor or you can decide if you feel safe enough to disclose the information to the franchisor on-line. You peruse the web site for assurance, but there is no statement or promise as to what happens to the information once disclosed. Do you disclose the information? Are there other things to look for to feel safer?

Franchisor Perspective. Now suppose you are a franchisor and you want to locate prospective franchisees. You can advertise, include your company listings, attend franchise conventions, grant incentives to your franchisees to find more franchisees, and create a web site, among other ideas. You decide to spend the money to create a nice web site and hope prospective franchisees will come for a visit. Better yet, you hope they leave information so you can contact them. To make your contacts more effective, it would be even better if the visitors left just a little pre-qualification information. Will they feel comfortable doing so? Should you provide a statement or promise as to what happens to the information once disclosed? Are there other things you can do?

Privacy Policies. A statement or promise showing what the franchisor will do to safeguard the franchisee’s information and provide comfort to a disclosing party is generally known as a franchisor’s on-line privacy policy. A March 1998 survey by the Federal Trade Commission (FTC) of more than 1400 commercial web sites showed that only 14% of the sites provided any notice of information practices and only 2% had a comprehensive privacy policy. This survey did not bode well for advocates of self-regulation.

In March 1999, two other surveys were conducted by the FTC, albeit less comprehensive, not necessarily scientific. The first involved 361 web sites from the 7,500 busiest servers on the web. This survey showed that 44% posted privacy policy notices. A second survey utilized the top 100 web sites and showed that 81% posted privacy notices. These surveys showed a dramatic increase in the use of privacy notices. Still, only 10% in the first survey and 22% in the second survey actually satisfied the “fair information practices” declared by the FTC (1998 FTC Report at pages 7-10).

If you are the franchisor in the above proposal, you may want to be aware that the FTC has promulgated “fair information practices” and that the fifth principle deals with enforcement and redress. The FTC holds enforcement powers against on-line data collectors. This may include you as a franchisor. To date, enforcement has included the use of consent orders requiring the use of a prescribed privacy policy. See, e.g. Library Fin. Serv. Co., 64 Fed. Reg. 29,031 (1999).

Summary. This report begins with the premise that franchisors want to have prospective franchisees visit their web sites, complete information requests, and give pre-qualification disclosures. To help encourage disclosures by prospective franchisees, a franchisor may need to consider the on-line privacy expectations of its prospective franchisees, the “fair information practices” of the FTC, and the prospect of federal legislation.

II. FTC

The FTC’s goal in implementing its regulations is to “encourage and facilitate effective self-regulation as the preferred approach to protecting consumer privacy on-line.” See, Federal Trade Commission, Self-Regulation and Privacy On-Line: A Report to Congress (1999). The “fair information practices” espoused by the FTC and applied to franchisors are shown in the following five general principles.

• 1. Notice. Prospects should be given notice of the franchisors’ on-line information practices so they can decide for themselves if they feel secure to disclose the information.
• 2. Consent. The prospect should be able to decide whether to allow the actual use of the information.
• 3. Participation. The prospect should be able to access or request information collected about them.
• 4. Security. The information should be in a safe and secure location.
• 5. Enforcement. The prospect should have a mechanism for redress.

Franchisors utilizing web sites to collect information from franchisees or prospective franchisees should become familiar with the FTC “fair information practices.”

III. The OPA and Privacy Seal Programs

The 1999 FTC report also discussed the On-Line Privacy Alliance issuance of guidelines (see http//www.privacyalliance.org) and the new “privacy seal” programs started by groups such as TRUSTe, BBB On-Line and CPA Web Trust.

The On-Line Privacy Alliance (OPA) defines itself on its web site as “a diverse group of corporations and associations who have come together to introduce and promote business-wide actions that create an environment of trust and foster the protection of individuals’ privacy on-line.” The OPA is designed to provide self-regulating guidelines, but does not contain any enforcement mechanisms. Use of the guidelines is voluntary.

One of the recommendations of the OPA is for businesses on the web to use “privacy seal” programs.

Privacy seal programs operate like a seal of approval representing that the web site operators have agreed to comply with certain specified privacy standards. The seal is conveyed through the display of the logo of the particular privacy seal program. The logo then is a certification trademark, a special type of trademark representing a certification of or compliance with certain educational or other prerequisites. It is beyond the scope of this article to review all of the privacy seal programs, but we will examine some examples:

A. BBB On-Line

The Better Business Bureau has a subsidiary known as BBB On-Line. BBB On-Line has implemented a Code of On-Line Business Practices. A number of web sites now display the BBB On-Line seal, signifying that they adhere to the BBB On-Line Code of On-Line Business Practices.

The practices require the franchisor utilizing the web site and displaying the BBB On-Line mark to adhere to five general principles:

• 1. Disclose! Disclose! Disclose! This relates to easy-to-understand, accurate information.
• 2. Tell the whole truth and nothing but the truth. This precludes use of deceptive or misleading trade practices.
• 3. Have respectful information practices. This requires the posting of a privacy policy based on fair information principles.
• 4. Aim to please! This includes resolution of disputes in a timely and responsive manner.
• 5. Take special care with children. If the site targets children under 13, special care is required.

There are a number of detailed disclosures and procedures required by BBB On-Line in order to satisfy the above five principles. If one desires to use the BBB On-Line seal then one also needs to disclose how its compliance with BBB On-Line is investigated, that is, by itself, by a third party, or by the BBB. A violation of BBB On-Line practices could result in a revocation of the BBB On-Line seal and a possible referral to a law enforcement agency. BBB On-Line is currently monitoring sites and is looking to implement a third-party verification plan. For more information on BBB On-Line, see http://www.bbbon-line.com.

B. TRUSTe

This privacy seal program follows OPA guidelines. TRUSTe investigates and monitors web sites and will investigate user complaints about practices that are not consistent with a site’s privacy policy. Complaints result in third-party, on-site audits, revocation of the right to use the seal, and referral to the FTC or other appropriate law enforcement agencies. For more information on TRUSTe, see http://www.truste.org.

C. CPA Web Trust

This program comes from the American Institute of Certified Public Accountants, together with the Canadian Institute of Chartered Accountants, and has a scope which is much broader than TRUSTe or BBB On-Line. Compliance also includes business practices and company order fulfillment policies. Also different is that independent auditors administer this program instead of members of the organization. Enforcement includes mandatory arbitration of disputes. This program is used much less broadly than the other programs because of the breadth of the coverage.

IV. Summary

Franchisees are often normal people very much afraid to disclose information on-line. A franchisor seeking prospects to disclose information on its web site may well consider the voluntary use of a privacy policy or even a privacy seal program such as TRUSTe, BBB On-Line, or CPA Web Trust. The FTC currently promotes the utilization of self-regulation to meet privacy concerns. However, at least five Bills were introduced in the 1998-1999 legislative session that relate to regulating Internet privacy concerns so everyone is not convinced self-regulation is the final answer. Other countries such as Canada and the European Union have already moved forward with regulation. Is the U.S. destined to have more regulation or will voluntary use of privacy policies and privacy seal programs work?

If you were the potential franchisee, to which franchisor would you disclose your information? One showing a privacy policy/compliance with a privacy seal program or one with no such policy or program? Or would you be more inclined to make disclosures if there were federal regulation giving tougher standards of compliance and more teeth to enforcement?

Kevin J. Collette is an attorney in Ryan Swanson’s Business Group and can be reached at 206-654-2252 or [email protected].