Citrix 2012 Annual Report Download - page 21

Download and view the complete annual report

Please find page 21 of the 2012 Citrix annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 118

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118

17
hackers, cybercriminals and perpetrators of advanced persistent threats may be able to penetrate our network security and
misappropriate or compromise our confidential information or that of third parties, create system disruptions, product or service
vulnerabilities or cause shutdowns. These perpetrators of cyberattacks also may be able to develop and deploy viruses, worms,
malware and other malicious software programs that attack our products and services, our networks or otherwise exploit any
security vulnerabilities of our products, services and networks. However, because techniques used to obtain unauthorized
access to or sabotage systems change frequently and generally are not recognized until long after being launched against a
target, we may be unable to anticipate these techniques or to implement adequate preventative measures. A breach of our
security measures as a result of third-party action, malware, employee error, malfeasance or otherwise could result in:
harm to our reputation or brand, which could lead some customers to seek to cancel subscriptions, stop using certain
of our products or services, reduce or delay future purchases of our products or services, or use competing products
or services;
individual and/or class action lawsuits, which could result in financial judgments against us and which would cause
us to incur legal fees and costs;
state or federal enforcement action, which could result in fines and/or penalties and which would cause us to incur
legal fees and costs; and/or
additional costs associated with responding to the cyberattack, such as the costs of providing individuals and/or data
owners with notice of the breach, legal fees, the costs of any additional fraud detection activities required by credit
card associations, and costs incurred by credit card issuers associated with the compromise and additional
monitoring of systems for further fraudulent activity.
Any of these actions could materially adversely impact our business and results of operations.
Regulation of the Web and telecommunications, privacy and data security may adversely affect sales of our Collaboration
and Data products and result in increased compliance costs.
As Web commerce continues to evolve, increasing regulation by federal, state or foreign agencies and industry groups
becomes more likely. For example, we believe increased regulation is likely with respect to the solicitation, collection,
processing or use of personal, financial and consumer information as regulatory authorities around the world are considering a
number of legislative and regulatory proposals concerning data protection, privacy and data security. In addition, the
interpretation and application of consumer and data protection laws and industry standards in the United States, Europe and
elsewhere are often uncertain and in flux. The application of existing laws to cloud-based solutions is particularly uncertain and
cloud-based solutions may be subject to further regulation, the impact of which cannot be fully understood at this time.
Moreover, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our data and
privacy practices. If so, in addition to the possibility of fines, this could result in an order requiring that we change our data and
privacy practices, which could have an adverse effect on our business and results of operations. Complying with these various
laws could cause us to incur substantial costs or require us to change our business practices in a manner adverse to our
business. Also, any new regulation, or interpretation of existing regulation, imposing greater fees or taxes on Web-based
services, such as collaboration and data sharing services and audio services, or restricting information exchange over the Web,
could result in a decline in the use and adversely affect sales of our Collaboration and Data products and our results of
operations.
Our Data Sharing products may involve the storage and transmission of protected health information, or PHI, that is
subject to the Health Insurance Portability and Accountability Act, or HIPAA. HIPAA, amended by the Health Information
Technology for Economic and Clinical Health Act, or the HITECH ACT, has significantly increased the civil money penalties
for violations of patient privacy rights protected under HIPAA. As a result of the HITECH ACT, business associates who have
access to PHI provided by hospitals, healthcare providers, health insurance companies and other covered entities are now
directly subject to HIPAA, including the new enforcement scheme and inspection requirements. We are required to comply
with HIPAA's stringent data security requirement and we may be liable for sanctions and penalties for any failure to so comply.
Furthermore, we may be required to incur additional expenses in order to comply with the HITECH Act and any further
amendments to and/or modifications of these requirements.
In addition, the establishment and operation of Citrix Communications, LLC, our competitive local exchange and
interexchange carrier, subjects us to risks associated with owning and operating a federally regulated telecommunications
entity. In 2012, in an effort to increase the user audio quality experience of our Collaboration products, we registered Citrix
Communications which allows us to control the audio function of our Collaboration products and competes with established
local telephone companies by providing its own network and switching. We can also route telecommunications traffic to the
most cost effective data centers resulting in cost savings. Our failure to comply with applicable law, regulations or reporting
requirements could result in monetary penalties or revocations of our authority to provide telephone services. Changes in
federal or state regulations or interpretations of FCC orders could result in an increase to our compliance costs, have an adverse