TripAdvisor 2012 Annual Report Download - page 37

Download and view the complete annual report

Please find page 37 of the 2012 TripAdvisor annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 200

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200

In addition, we lack backup systems or contingency plans for certain critical aspects of our operations or
business processes. Many other systems are not fully redundant and their disaster recovery or business continuity
planning may not be sufficient. Fire, flood, power loss, telecommunications failure, break-ins, earthquakes, acts
of war or terrorism, acts of God, computer viruses, electronic intrusion attempts from both external and internal
sources and similar events or disruptions may damage or impact or interrupt computer or communications
systems or business processes at any time. Although we have put measures in place to protect certain portions of
our facilities and assets, any of these events could cause system interruption, delays and loss of critical data, and
could prevent us from providing content and services to users, travelers and/or third parties for a significant
period of time. Remediation may be costly and we may not have adequate insurance to cover such costs.
Moreover, the costs of enhancing infrastructure to attain improved stability and redundancy may be time
consuming and expensive and may require resources and expertise that are difficult to obtain.
We process, store and use personal information and other data, which subjects us to risks stemming from
possible failure to comply with governmental regulation and other legal obligations and potential liability
related to security breaches.
We may acquire personal or confidential information from users of our websites and mobile applications.
There are numerous laws regarding privacy and the storing, sharing, use, processing, disclosure and protection of
personal information and other consumer data, the scope of which are changing, subject to differing interpretations,
and may be inconsistent between countries or conflict with other rules. We strive to comply with all applicable laws,
policies, legal obligations and industry codes of conduct relating to privacy and data protection. It is possible,
however, that these obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction
to another and may conflict with other rules or our practices. Any failure or perceived failure by us to comply with
our privacy policies, privacy-related obligations to users or other third parties, or privacy-related legal obligations,
or any compromise of security that results in the unauthorized release or transfer of personally identifiable
information or other user data, may result in governmental enforcement actions, litigation or public statements
against the relevant company by consumer advocacy groups or others and could cause our customers and members
to lose trust in us, which could have an adverse effect on our business.
The regulatory framework for privacy issues worldwide is currently in flux and is likely to remain so for the
foreseeable future. Practices regarding the collection, use, storage, transmission and security of personal
information by companies operating over the Internet have recently come under increased public scrutiny. The
U.S. Congress and federal agencies, including the Federal Trade Commission and the Department of Commerce,
are reviewing the need for greater regulation for the collection and use of information concerning consumer
behavior on the Internet, including regulation aimed at restricting certain targeted advertising practices. U.S.
courts are also considering the applicability of existing federal and state statutes, including computer trespass and
wiretapping laws, to the collection and exchange of information online. In addition, the European Union is in the
process of proposing reforms to its existing data protection legal framework, which may result in a greater
compliance burden for companies, including us, with users in Europe and increased costs of compliance. We
have collaborations with other online service providers that involve exchanges of user information, and these
practices may attract increased regulatory scrutiny in the United States and Europe in the future.
Potential security breaches to our systems, whether resulting from internal or external sources, could
significantly harm our business. There can be no guarantee that our existing security measures will prevent all
possible security breaches or attacks. A party, whether internal or external, that is able to circumvent our security
systems could misappropriate user information or proprietary information or cause significant interruptions in
our operations. In the past, we have experienced “denial-of-service” type attacks on our systems that have made
portions of our websites unavailable for short periods of time as well as unauthorized access of our systems and
data. We may need to expend significant resources to protect against security breaches or to address problems
caused by breaches, and reductions in website availability could cause a loss of substantial business volume
during the occurrence of any such incident. Because the techniques used to sabotage security change frequently,
often are not recognized until launched against a target and may originate from less regulated and remote areas
27