HR Block 2015 Annual Report Download - page 19

Download and view the complete annual report

Please find page 19 of the 2015 HR Block annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 104

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104

12 2015 Form 10-K | H&R Block, Inc.
Failure to comply with laws and regulations that protect our clients' and employees' personal information could
harm our brand and reputation and could result in significant fines, penalties, and damages.
In the course of our business, we collect, use, and retain large amounts of personal client information and data,
including tax return information, bank account numbers, and social security numbers. In addition, we collect and
maintain personal information of our employees in the ordinary course of our business. The Company holds some of
this personal information and third parties execute some transactions utilizing this information. We use security and
business controls to limit access to and use of personal information, but unauthorized individuals or third parties may
be able to circumvent these security and business measures, which could require us to notify affected clients or
employees under applicable privacy laws and regulations. We employ contractors and temporary employees who
may have access to the personal information of clients and employees or who may execute transactions in the normal
course of their duties. While we conduct employee background checks, as allowed by law, and limit access to systems
and data, it is possible that one or more of these controls could be circumvented. Improper disclosure or use of our
clients' or employees' personal information could result in damage to our brand and reputation, and actions required
to remediate improper disclosures could be costly.
We are subject to laws, rules, and regulations relating to the collection, use, disclosure, and security of consumer
and employee personal information, which have drawn increased attention from U.S. federal and state governments,
as well as governmental authorities in foreign jurisdictions in which we operate. In the U.S., the IRS generally requires
a tax return preparer to obtain the prior written consent of the taxpayer to use or disclose the taxpayer's information
for certain purposes other than tax return preparation. In addition, other regulations require financial service providers
to adopt and disclose consumer privacy notices and provide consumers with a reasonable opportunity to "opt-out"
of having nonpublic personal information disclosed to unaffiliated third parties. Several jurisdictions have passed new
laws in this area and it continues to be an area of interest across multiple jurisdictions. These laws may be interpreted
and applied inconsistently from jurisdiction to jurisdiction, and our current data protection policies and practices may
not be consistent with all of those interpretations and applications. In addition, changes in the U.S. federal and state
regulatory requirements, as well as requirements imposed by governmental authorities in foreign jurisdictions in
which we operate, could result in more stringent requirements and in a need to change business practices, including
the types of information we can use and the manner in which we can use such information. Establishing systems and
processes to achieve compliance with these new requirements may increase costs or limit our ability to pursue certain
business opportunities.
A security breach of our systems, or third party systems on which we rely, resulting in access to personal client
information may adversely affect the demand for our services and products, our reputation, and financial
performance.
We offer a range of services and products to our clients, including assisted and DIY tax services and banking services
provided by HRB Bank. Due to the nature of these services and products, we use multiple digital technologies to
collect, transmit, and store high volumes of personal client information. Information security risks to companies that
use digital technologies continue to increase due in part to the increased adoption of and reliance upon these
technologies by companies and consumers. Our risk and exposure to these matters remain heightened due to a variety
of factors including, among other things, the evolving nature of these threats and related regulation, the increased
sophistication of organized crime, cyber criminals and hackers, the prominence of our brand, our and our franchisees'
extensive office footprint, our plans to continue to implement our DIY and mobile channel strategies, and our use of
third party vendors.
Cybersecurity risks may result from fraud or malice (a cyber attack), human error, or accidental technological failure.
Cyber attacks are designed to electronically circumvent network security for malicious purposes including unlawfully
obtaining personal client information, disrupting our ability to offer services, damaging our brand and reputation,
stealing our intellectual property, and advancing social or political agendas. We face a variety of cyber attack threats
including computer viruses, malicious codes, worms, phishing attacks, social engineering, denial of service attacks,
and other sophisticated attacks.
We maintain multiple levels of protection in order to address or otherwise mitigate the risk of a security breach.
We regularly test our systems to discover and address potential vulnerabilities. Cybersecurity and the continued
development and enhancement of our controls, processes, and practices designed to protect our systems, computers,
software, data, and networks from attack, damage, or unauthorized access remain a high priority for us. As risks and