eBay 2008 Annual Report Download - page 29

Download and view the complete annual report

Please find page 29 of the 2008 eBay annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 124

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124

fines or lose our ability to give customers the option of using credit cards to fund their payments or pay their fees. If
we were unable to accept credit cards, our business would be seriously damaged.
eBay’s Korean subsidiary, IAC, has notified a majority of its approximately 20 million users of a data breach
involving personally identifiable information including name, address, resident registration number and some
transaction and refund data (but not including credit card information or real time banking information).
Approximately 141,000 users have sued IAC over this breach in several lawsuits and we expect more to do so
in the future. There is some precedent in Korea for a court to grant “consolation money” for data breaches without a
specific finding of harm from the breach. Such precedents have involved payments of up to approximately $200 per
user. A consumer agency recently made a non-binding recommendation that IAC make payments of
50,000-100,000 Korean won (approximately $35-70) to consumers who had complained to it as a result of such
breach. IAC intends to vigorously defend itself in this lawsuit.
Our servers are also vulnerable to computer viruses, physical or electronic break-ins, and similar disruptions,
and we have experienced “denial-of-service” type attacks on our system that have made all or portions of our
websites unavailable for periods of time. We may need to expend significant resources to protect against security
breaches or to address problems caused by breaches. These issues are likely to become more difficult as we expand
the number of places where we operate. Security breaches, including any breach by us or by parties with which we
have commercial relationships that result in the unauthorized release of our users’ personal information, could
damage our reputation and expose us to a risk of loss or litigation and possible liability. Our insurance policies carry
low coverage limits, which may not be adequate to reimburse us for losses caused by security breaches.
Our users, as well as those of other prominent Internet companies, have been and will continue to be targeted
by parties using fraudulent “spoof” and “phishing” emails to misappropriate passwords, credit card numbers, or
other personal information or to introduce viruses through “trojan horse” programs to our users’ computers. These
emails appear to be legitimate emails sent by eBay, PayPal, Skype, or a user of one of those businesses, but direct
recipients to fake websites operated by the sender of the email or request that the recipient send a password or other
confidential information via email or download a program. Despite our efforts to mitigate “spoof” and “phishing”
emails through product improvements and user education, “spoof” and “phishing” remain a serious problem that
may damage our brands, discourage use of our websites, and increase our costs.
Changes in regulations or user concerns regarding privacy and protection of user data could adversely
affect our business.
We are subject to laws relating to the collection, use, retention, security and transfer of personally identifiable
information about our users, especially for financial information and for users located outside of the U.S. In many
cases, these laws apply not only to third-party transactions but also to transfers of information between ourselves
and our subsidiaries, and between ourselves, our subsidiaries, and other parties with which we have commercial
relations. New laws in this area have been passed by several jurisdictions, and other jurisdictions are considering
imposing additional restrictions. The interpretation and application of user data protection laws are in a state of flux.
These laws may be interpreted and applied inconsistently from country to country and our current data protection
policies and practices may not be consistent with those interpretations and applications. Complying with these
varying international requirements could cause us to incur substantial costs or require us to change our business
practices in a manner adverse to our business. In addition, we have and post on our websites our own privacy
policies and practices concerning the collection, use and disclosure of user data. Any failure, or perceived failure, by
us to comply with our posted privacy policies or with any regulatory requirements or orders or other federal, state or
international privacy or consumer protection-related laws and regulations could result in proceedings or actions
against us by governmental entities or others, subject us to significant penalties and negative publicity and adversely
affect us. In addition, as noted above, we are subject to the possibility of security breaches, which themselves may
result in a violation of these laws.
Our revenue from advertising is subject to factors beyond our control.
We derive an increasing portion of our revenues from advertising on our websites. Revenues from online
advertising are sensitive to events and trends that affect advertising expenditures, such as general changes in the
21