Rite Aid 2016 Annual Report Download - page 19

Download and view the complete annual report

Please find page 19 of the 2016 Rite Aid annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 165

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165

primary operational duties. If our systems are damaged, fail to function properly or otherwise become
unavailable, we may incur substantial costs to repair or replace them, and may experience loss of
critical data and interruptions or delays in our ability to perform critical functions, which could
adversely affect our business and results of operations. Any compromise or breach of our data security,
whether external or internal, or misuse of customer, associate, supplier or our data could also result in
a violation of applicable privacy, information security, and other laws, significant legal and financial
exposure, fines or lawsuits, damage to our reputation, loss or misuse of the information and a loss of
confidence in our security measures, which could harm our business. Although we maintain cyber
security insurance, we cannot assure you that the coverage limits under our insurance program will be
adequate to protect us against future claims. In addition, as the regulatory environment related to
information security, data collection and use, and privacy becomes increasingly rigorous, with new and
constantly changing requirements applicable to our business, compliance with those requirements could
also result in additional costs.
We are subject to payment-related risks that could increase our operating costs, expose us to fraud or theft,
subject us to potential liability and potentially disrupt our business.
We accept payments using a variety of methods, including cash, checks, credit and debit cards, gift
cards and mobile payment technology, and we may offer new payment options over time. Acceptance
of these payment options subjects us to rules, regulations, contractual obligations and compliance
requirements, including payment network rules and operating guidelines, data security standards and
certification requirements, and rules governing electronic funds transfers. These requirements may
change over time or be reinterpreted, making compliance more difficult or costly. For certain payment
methods, including credit and debit cards, we pay interchange and other fees, which may increase over
time and raise our operating costs. We rely on third parties to provide payment processing services,
including the processing of credit cards, debit cards, and other forms of electronic payment. If these
companies become unable to provide these services to us, or if their systems are compromised, it could
potentially disrupt our business. The payment methods that we offer also subject us to potential fraud
and theft by criminals, who are becoming increasingly more sophisticated, seeking to obtain
unauthorized access to or exploit weaknesses that may exist in the payment systems. If we fail to
comply with applicable rules or requirements for the payment methods we accept, or if payment-related
data is compromised due to a breach or misuse of data, we may be liable for costs incurred by payment
card issuing banks and other third parties or subject to fines and higher transaction fees, or our ability
to accept or facilitate certain types of payments may be impaired. In addition, our customers could lose
confidence in certain payment types, which may result in a shift to other payment types or potential
changes to our payment systems that may result in higher costs. As a result, our business and operating
results could be adversely affected.
If we fail to protect the security of personal information about our customers and associates, we could be
subject to costly government enforcement actions or private litigation.
Through our sales and marketing activities, we collect and store certain personal information that
our customers provide to purchase products or services, enroll in promotional programs, register on our
web site, or otherwise communicate and interact with us. We also gather and retain information about
our associates in the normal course of business. We may share information about such persons with
vendors that assist with certain aspects of our business. We also participate in the Plenti coalition with
American Express, in which we provide detailed customer information to allow them to administer the
coalition program. Despite instituted safeguards for the protection of such information, security could
be compromised and confidential customer or business information misappropriated, for which we have
paid related penalties in the past. Loss of customer or business information could disrupt our
operations, damage our reputation, and expose us to claims from customers, financial institutions,
payment card associations and other persons, any of which could have an adverse effect on our
19