Rosetta Stone 2015 Annual Report Download - page 17

Download and view the complete annual report

Please find page 17 of the 2015 Rosetta Stone annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 155

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155

Table of Contents
networks is a topic of active interest among federal, state, and international regulatory bodies, and the regulatory environment is unsettled. Many states have
passed laws requiring notification to customers where there is a security breach for personal data, such as California’s Information Practices Act. We face
similar risks in international markets where our products, services and apps are offered. Any failure, or perceived failure, by us to comply with or make
effective modifications to our policies, or to comply with any federal, state, or international privacy, data-retention or data-protection-related laws,
regulations, orders or industry self-regulatory principles could result in proceedings or actions against us by governmental entities or others, a loss of
customer confidence, damage to the Rosetta Stone brands, and a loss of customers, which could potentially have an adverse effect on our business.
In addition, various federal, state and foreign legislative or regulatory bodies may enact new or additional laws and regulations concerning privacy,
data-retention and data-protection issues, including laws or regulations mandating disclosure to domestic or international law enforcement bodies, which
could adversely impact our business, our brand or our reputation with customers. For example, some countries are considering laws mandating that customer
data regarding customers in their country be maintained in their country. Having to maintain local data centers in individual countries could increase our
operating costs significantly. The interpretation and application of privacy, data protection and data retention laws and regulations are often uncertain and in
flux in the U.S. and internationally. These laws may be interpreted and applied inconsistently from country to country and inconsistently with our current
policies and practices, complicating long-range business planning decisions. If privacy, data protection or data retention laws are interpreted and applied in a
manner that is inconsistent with our current policies and practices we may be fined or ordered to change our business practices in a manner that adversely
impacts our operating results. Complying with these varying international requirements could cause us to incur substantial costs or require us to change our
business practices in a manner adverse to our business and operating results.
We are subject to U.S. and foreign government regulation of online services which could subject us to claims, judgments, and remedies, including monetary
liabilities and limitations on our business practices.
We are subject to regulations and laws directly applicable to providers of online services. The application of existing domestic and international laws
and regulations to us relating to issues such as user privacy and data protection, data security, defamation, promotions, billing, consumer protection,
accessibility, content regulation, quality of services, and intellectual property ownership and infringement in many instances is unclear or unsettled. Also, the
collection and protection of information from children under the age of 13 is subject to the provisions of the Children's Online Privacy Protection
Act (COPPA), which is particularly relevant to our learning solutions focused on children. In addition, we will also be subject to any new laws and
regulations directly applicable to our domestic and international activities. Internationally, we may also be subject to laws regulating our activities in foreign
countries and to foreign laws and regulations that are inconsistent from country to country. We may incur substantial liabilities for expenses necessary to
defend litigation in connection with such regulations and laws or to comply with these laws and regulations, as well as potential substantial penalties for any
failure to comply.
Changes in how network operators handle and charge for access to data that travel across their networks could adversely impact our business.
We rely upon the ability of customers to access many of our products through the Internet. To the extent that network operators implement usage based
pricing, including meaningful bandwidth caps, or otherwise try to monetize access to their networks by data providers, we could incur greater operating
expenses and our customer acquisition and retention could be negatively impacted. Furthermore, to the extent network operators were to create tiers of
Internet access service and either charge us for or prohibit us from being available through these tiers, our business could be negatively impacted.
We are exposed to risks associated with credit card and payment fraud, and with our obligations under rules on credit card processing and alternative
payment methods, which could cause us to lose revenue or incur costs. We depend upon our credit card processors and payment card associations.
As an e-commerce provider that accepts debit and credit cards for payment, we are subject to the Payment Card Industry Data Security Standard ("PCI
DSS"), issued by the PCI Council. PCI DSS contains compliance guidelines and standards with regard to our network security surrounding the physical and
electronic storage, processing and transmission of individual cardholder data. Despite our compliance with these standards and other information security
measures, we cannot guarantee that all our information technology systems are able to prevent, contain or detect any cyber attacks, cyber terrorism, or
security breaches from currently known viruses or malware, or viruses or malware that may be developed in the future. To the extent any disruption results in
the loss, damage or misappropriation of information, we may be adversely affected by claims from customers, financial institutions, regulatory authorities,
payment card associations and others. In addition, the cost of complying with stricter privacy and information security laws and standards could be
significant.
16