VMware 2013 Annual Report Download - page 26

Download and view the complete annual report

Please find page 26 of the 2013 VMware annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 186

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186

Table of Contents
of operations have been commenced, there can be no assurance that actions will not be taken in the future. Furthermore, because litigation and the outcome of
regulatory proceedings are inherently unpredictable, it is possible that our business, financial condition or results of operations could be negatively affected
by an unfavorable resolution of one or more of such proceedings, claims, demands or investigations.
Our business is subject to a variety of U.S. and international laws and regulations regarding data protection.
Our business is subject to federal, state and international laws and regulations regarding privacy and protection of personal data. As Internet commerce
continues to evolve, regulation by federal, state and foreign governments or agencies in the areas of data privacy and data security is likely to increase. Other
nations currently have data privacy laws that, in some respects, are more stringent than privacy standards in the United States. As we expand our operations
in these countries, our liability exposure the complexity and cost of compliance with data and privacy requirements will likely increase. We collect contact
and other personal or identifying information from our customers. Additionally, in connection with some of our new product initiatives, including our vCloud
Hybrid Service offering, we expect that our customers may increasingly use our services to store and process personal information and other user data. We
post, on our websites, our privacy policies and practices concerning our treatment of personal data. We also often include privacy commitments in our
contracts. Any failure by us to comply with our posted privacy policies, other federal, state or international privacy-related or data protection laws and
regulations, or the privacy commitments contained in our contracts could result in proceedings against us by governmental entities or others, which could
have a material adverse effect on our business, financial condition and results of operations. In addition, the increased attention focused upon liability issues
as a result of lawsuits and legislative proposals could harm our reputation or otherwise impact the growth of our business.
It is possible that these laws and regulations may be interpreted and applied in a manner that is inconsistent with our data practices. If so, in addition to
the possibility of fines and penalties, a governmental order requiring that we change our data practices could result, which in turn could have a material
adverse effect on our business. Compliance with such an order may involve significant costs or require changes in business practices that result in reduced
revenue. Noncompliance could result in penalties being imposed on us or we could be ordered to cease conducting the noncompliant activity.
In addition to government regulation, privacy advocacy and industry groups or other third parties may propose new and different self-regulatory
standards that either legally or contractually apply to our customers or us. Any inability to adequately address privacy concerns, even if unfounded, or comply
with applicable privacy or data protection laws, regulations and standards, could result in additional cost and liability to us, damage our reputation, reduce
sales and harm our business.
Additionally, our virtualization technology is used by cloud computing vendors, and we have expanded our involvement in the delivery and provision of
cloud computing through business alliances with various providers of cloud computing services and software and expect to continue to do so in the future.
The application of U.S. and international data privacy laws to cloud computing vendors is uncertain, and our existing contractual provisions may prove to be
inadequate to protect us from claims for data loss or regulatory noncompliance made against cloud computing providers who we may partner with.
Accordingly, the failure to comply with data protection laws and regulations by our customers and business partners who provide cloud computing services
could have a material adverse effect on our business.
Since some of our products and services are web-based, our customers store their data on our servers and our vendors’ servers. This data may include
personal data. It may also include protected health information (“PHI”) that is subject to the Health Insurance Portability and Accountability Act (“HIPAA”).
HIPAA has been amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) with the result of increased civil
penalties. As a result of HIPAA and the HITECH Act, business associates who have access to PHI provided by covered entities and other business associates
are now directly subject to HIPAA. When our customers place PHI into our vCloud Hybrid Service, we are now required to comply with HIPAA’s data
security requirements and may be liable for sanctions and penalties for failure to do so. Any systems failure or compromise of our security that results in the
release of our customers’ data could (i) subject us to substantial damage claims from our customers, (ii) expose us to costly regulatory remediation, and (iii)
harm our reputation and brand. We may also need to expend significant resources to protect against security breaches.
If we fail to comply with our customer contracts or government contracting regulations, our business could be adversely affected.
Our contracts with our customers may include unique and specialized performance requirements. In particular, our contracts with federal, state, local and
non-U.S. governmental customers and our arrangements with distributors and resellers who may sell directly to governmental customers are subject to
various procurement regulations, contract provisions and other requirements relating to their formation, administration and performance. Any failure by us to
comply with provisions in our customer contracts or any violation of government contracting regulations could result in the imposition of various civil and
criminal penalties, which may include termination of contracts, forfeiture of profits, suspension of payments and, in the case of our government contracts,
fines and suspension from future government contracting. Further, any negative publicity related to our customer contracts or any proceedings surrounding
them, regardless of its accuracy, may damage our business and affect
24