TripAdvisor 2014 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2014 TripAdvisor annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 172

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172

23
The regulatory framework for privacy issues worldwide is currently in flux and is likely to remain so for the foreseeable future.
Practices regarding the collection, use, storage, transmission and security of personal information by companies operating over the
Internet have recently come under increased public scrutiny. The U.S. Congress and federal agencies, including the Federal Trade
Commission and the Department of Commerce, are reviewing the need for greater regulation for the collection and use of information
concerning consumer behavior on the Internet. U.S. courts are also considering the applicability of existing federal and state statutes,
including computer trespass and wiretapping laws, to the collection and exchange of information online. In addition, the European
Union is in the process of proposing reforms to its existing data protection legal framework, which may result in a greater compliance
burden for companies, including us, with users in Europe and increased costs of compliance.
Potential security breaches to our systems, whether resulting from internal or external sources, could significantly harm our
business. A party, whether internal or external, that is able to circumvent our security systems could misappropriate user information
or proprietary information or cause significant interruptions in our operations. In the past, we have experienced “denial-of-service”
type attacks on our systems that have made portions of our websites unavailable for short periods of time as well as unauthorized
access of our systems and data. We have acquired a number of companies over the years and may continue to do so in the future.
While we make significant efforts to address any information technology security issues with respect to our acquisitions, we may still
inherit such risks when we integrate the acquired businesses. We may need to expend significant resources to protect against security
breaches or to investigate and address problems caused by breaches, and reductions in website availability could cause a loss of
substantial business volume during the occurrence of any such incident. Because the techniques used to sabotage security change
frequently, often are not recognized until launched against a target and may originate from less regulated and remote areas around the
world, we may be unable to proactively address these techniques or to implement adequate preventive measures. Security breaches
could result in negative publicity, damage to reputation, exposure to risk of loss or litigation and possible liability due to regulatory
penalties and sanctions. Security breaches could also cause travelers and potential users to lose confidence in our security, which
would have a negative effect on the value of our brand. Failure to adequately protect against attacks or intrusions, whether for our own
systems or systems of vendors, could expose us to security breaches that could have an adverse impact on financial performance.
We also face risks associated with security breaches affecting third parties conducting business over the Internet. Much of our
business is conducted with third party marketing affiliates, which may generate travel reservations through our infrastructure or
through our systems. In addition, we frequently use third parties to process credit card payments. A security breach at such third party
could be perceived by consumers as a security breach of our systems and could result in negative publicity, damage our reputation,
expose us to risk of loss or litigation and possible liability and subject us to regulatory penalties and sanctions. In addition, such third
parties may not comply with applicable disclosure requirements, which could expose us to liability.
We are currently relying on the “controlled company” exemption under NASDAQ Stock Market Listing Rules, pursuant to which
“controlled companies” are exempt from certain corporate governance requirements otherwise applicable under NASDAQ listing
rules.
The NASDAQ Stock Market Listing Rules exempt “controlled companies,” or companies of which more than 50% of the voting
power is held by an individual, a group or another company, from certain corporate governance requirements, including those
requirements that:
x A majority of the Board of Directors consist of independent directors;
x Compensation of officers be determined or recommended to the Board of Directors by a majority of its independent
directors or by a compensation committee comprised solely of independent directors; and
x Director nominees be selected or recommended to the Board of Directors by a majority of its independent directors or by a
nominating committee that is composed entirely of independent directors.
We currently rely on the controlled company exemption from the above requirements. Accordingly, our stockholders will not be
afforded the same protections generally as stockholders of other NASDAQ-listed companies with respect to corporate governance for
so long as we rely on these exemptions from the corporate governance requirements.
If we are unable to successfully maintain effective internal control over financial reporting, investors may lose confidence in our
reported financial information and our stock price and business may be adversely impacted.
As a public company, we are required to maintain internal control over financial reporting and our management is required to
evaluate the effectiveness of our internal control over financial reporting as of the end of each fiscal year. Additionally, we are
required to disclose in our Annual Reports on Form 10-K our management’s assessment of the effectiveness of our internal control
over financial reporting and a registered public accounting firm’s attestation report on this assessment. If we are not successful in
maintaining effective internal control over financial reporting, there could be inaccuracies or omissions in the consolidated financial
information we are required to file with the SEC. Additionally, even if there are no inaccuracies or omissions, we could be required to