Priceline 2015 Annual Report Download - page 22

Download and view the complete annual report

Please find page 22 of the 2015 Priceline annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 145

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145

government action is typically intended to protect the privacy of personal data that is collected, processed and transmitted in or from the governing jurisdiction. In
many cases, these laws apply not only to third-party transactions, but also to transfers of information between us and our subsidiaries, including employee
information. For several years, we participated in the U.S.-E.U. Safe Harbor Arrangement (the "Safe Harbor") to address the European Union's data transfer
regulations that would otherwise restrict the transfer of certain data from the European Union to the United States. In October 2015, the European Court of Justice
invalidated the Safe Harbor, and, as a result, we may need to pursue consent and/or other solutions with respect to certain data transfers from the European Union
to the United States. Such consents and/or solutions could be time consuming, costly or complicated to obtain or implement, or we may not be successful in such
efforts, any of which could adversely affect our operations and financial results. These laws and their interpretations continue to develop and may be inconsistent
from jurisdiction to jurisdiction. Non-compliance with these laws could result in penalties or significant legal liability. We could be adversely affected if legislation
or regulations are expanded to require changes in our business practices or if governing jurisdictions interpret or implement their legislation or regulations in ways
that negatively affect our business, results of operations or financial condition.
We are also subject to payment card association rules and obligations under our contracts with payment card processors. Under these rules and
obligations, if information is compromised, we could be liable to payment card issuers for associated expenses and penalties. In addition, if we fail to follow
payment card industry security standards, even if no customer information is compromised, we could incur significant fines or experience a significant increase in
payment card transaction costs.
System capacity constraints, system failures or "denial-of-service" or other attacks could harm our business.
We have experienced rapid growth in consumer traffic to our websites and through our mobile apps, the number of accommodations on our extranets and
the geographic breadth of our operations. If our systems cannot be expanded to cope with increased demand or fail to perform, we could experience unanticipated
disruptions in service, slower response times, decreased customer service and customer satisfaction and delays in the introduction of new services, any of which
could impair our reputation, damage our brands and materially and adversely affect our results of operations. Further, as an online business, we are dependent on
the Internet and maintaining connectivity between ourselves and consumers, sources of Internet traffic, such as Google, and our travel service providers. As
consumers increasingly turn to mobile devices, we also become dependent on consumers' access to the Internet through mobile carriers and their systems.
Disruptions in Internet access, whether generally, in a specific market or otherwise, especially if widespread or prolonged, could materially adversely affect our
business and results of operations. While we do maintain redundant systems and hosting services, it is possible that we could experience an interruption in our
business, and we do not carry business interruption insurance sufficient to compensate us for all losses that may occur.
Our computer hardware for operating our services is currently located at hosting facilities around the world. These systems and operations are vulnerable
to damage or interruption from human error, floods, fires, power loss, telecommunication failures and similar events. They are also subject to break-ins, sabotage,
intentional acts of vandalism, terrorism and similar misconduct. Despite any precautions we may take, the occurrence of any disruption of service due to any such
misconduct, natural disaster or other unanticipated problems at such facilities, or the failure by such facilities to provide our required data communications capacity
could result in lengthy interruptions or delays in our services. Any system failure that causes an interruption or delay in service could impair our reputation,
damage our brands or result in consumers choosing to use a competitive service, any of which could have a material adverse effect on our business and results of
operations.
Our existing security measures may not be successful in preventing attacks on our systems, and any such attack could cause significant interruptions in
our operations. For instance, from time to time, we have experienced "denial-of-service" type attacks on our systems that have made portions of our websites slow
or unavailable for periods of time. There are numerous other potential forms of attack, such as "phishing" (where a third party attempts to infiltrate our systems or
acquire information by posing as a legitimate inquiry or electronic communication), SQL injection (where a third party attempts to obtain information or otherwise
insert malicious code into our software through data entry fields in our websites) and attempting to use our websites as a platform to launch a "denial-of-service"
attack on another party, each of which could cause significant interruptions in our operations and potentially adversely affect our brand, operations and results of
operations or involve us in legal or regulatory proceedings. We expend significant resources in an attempt to prepare for and mitigate the effects of any such
attacks. Reductions in website availability and response time could cause loss of substantial business volumes during the occurrence of any such attack on our
systems, and measures we may take to divert suspect traffic in the event of such an attack could result in the diversion of bona fide customers. These issues are
likely to become more difficult to manage as we expand the number of places where we operate and as the tools and techniques used in such attacks become more
advanced. Successful attacks could result in negative publicity, damage our reputation and prevent consumers from booking travel services, researching travel
services or making restaurant reservations through us during the attack, any of which could cause
19