Shutterfly 2014 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2014 Shutterfly annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 130

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130

customer’s address, and customers log on using their e-mail address. We rely on encryption and
authentication technology licensed from third parties to effect the secure transmission of confidential
information, including credit card numbers. Advances in computer capabilities, new discoveries in the field
of cryptography or other developments may result in a compromise or breach of the technology used by us
to protect customer transaction data. In addition, any party who is able to illicitly obtain a user’s password
could access the user’s transaction data, personal information or stored images. Our use of cloud-based
services could also increase the risk of security breaches as cyber attacks on cloud environments are
increasing to almost the same level as attacks on traditional information technology systems. For example,
in 2014, we experienced a cyber-attack on our Tiny Prints, Treat and Wedding Paper Divas websites, which
may have exposed the email addresses and encrypted passwords used by our customers to login to their
accounts. We encrypt customer credit and debit card information, and we have no evidence that such
information was compromised; however, any compromise of our security could damage our reputation and
brands and expose us to a risk of loss or litigation and possible liability, which would substantially harm our
business and results of operations. In addition, anyone who is able to circumvent our security measures
could misappropriate proprietary information or cause interruptions in our operations. We may need to
devote significant resources to protect against security breaches or to address problems caused by
breaches.
In addition, contractors that we hire as well as other employees have access to confidential
information, including credit card data. Although we take steps to limit this access, this data could be
compromised by these contractors or other employee personnel. Under current credit card practices, we
are liable for fraudulent credit card transactions because we do not obtain a cardholder’s signature. We do
not currently carry insurance against this risk. To date, we have experienced minimal losses from credit
card fraud, but we continue to face the risk of significant losses from this type of fraud. Our failure to
adequately control fraudulent credit card transactions and use of confidential information could damage
our reputation and brands and substantially harm our business and results of operations.
The inability to acquire or maintain domain names for our brands could substantially harm our business and
results of operations.
We currently are the registrant of the Internet domain name for Shutterfly.com, TinyPrints.com,
WeddingPaperDivas.com, MyPublisher.com, BorrowLenses.com and Groovebook.com as well as various
related domain names. Domain names generally are regulated by Internet regulatory bodies and are
controlled also by trademark and other related laws. The regulations governing domain names could
change in ways that block or interfere with our ability to use relevant domains. Also, we might not be able
to prevent third parties from registering or retaining domain names that interfere with our consumer
communications, or infringe or otherwise decrease the value of our trademarks and other proprietary
rights. Recently, regulatory bodies have approved expanded generic top-level domain names, which
involves substantial costs and may lead to an increase in cybersquatting. Regulatory bodies also may
establish additional generic or country-code top-level domains or modify the requirements for holding
domain names. As a result, we might not be able to acquire or maintain the domain names that utilize the
name Shutterfly, TinyPrints, WeddingPaperDivas, MyPublisher, BorrowLenses or Groovebook in all of the
countries in which we currently or intend to conduct business. This could substantially harm our business
and results of operations.
Changes in regulations or user concerns regarding privacy and protection of user data could harm our business.
Federal, state and international laws and regulations may govern the collection, use, sharing and
security of data that we receive from our customers. In addition, we have and post on our websites our own
privacy policies and practices concerning the collection, use and disclosure of customer data. Any failure,
32