8x8 2016 Annual Report Download - page 24

Download and view the complete annual report

Please find page 24 of the 2016 8x8 annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 149

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149

Failure to comply with laws and contractual obligations related to data privacy and protection could have a material adverse effect on our business,
financial condition and operating results.
We are subject to the data privacy and protection laws and regulations adopted by federal, state and foreign governmental agencies. Data privacy and protection is
highly regulated and may become the subject of additional regulation in the future. For example, lawmakers and regulators worldwide are considering proposals
that would require companies, like us, that encrypt users' data to ensure access to such data by law enforcement authorities. Privacy laws restrict our storage, use,
processing, disclosure, transfer and protection of personal information, including credit card data, provided to us by our customers as well as data we collect from
our customers and employees. We strive to comply with all applicable laws, regulations, policies and legal obligations relating to privacy and data protection.
However, it is possible that these requirements may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict
with other rules or our practices. Should this occur, we may be subject to fines, penalties and lawsuits, and our reputation may suffer. We may also be required to
make modifications to our data practices that could have an adverse impact on our business.
Governmental entities, class action lawyers and privacy advocates are increasingly examining companies' data collection, processing, use, storing, sharing and
transmitting or personal data and data linkable to individuals. Self-regulatory codes of conduct, enforcement actions by regulatory agencies, and lawsuits by private
parties impose additional compliance costs on us negative impacting our profitability as well as subject us to unknown potential liabilities. These evolving laws,
rules and practices may also curtail our current business activities which may also result in slimmer profit margins and reduce new opportunities.
We are also subject to the privacy and data protection-related obligations in our contracts with our customers and other third parties. Any failure, or perceived
failure, by us to comply with federal, state, or international laws, including laws and regulations regulating privacy, data or consumer protection, or to comply with
our contractual obligations related to privacy, could result in proceedings or actions against us by governmental entities, contractual parties or others, which could
result in significant liability to us as well as harm to our reputation. Additionally, third parties on which we rely enter into contracts to protect and safeguard our
customers' data. Should such parties violate these agreements or suffer a breach, we could be subject to proceedings or actions against us by governmental entities,
contractual parties or others, which could result in significant liability to us as well as harm to our reputation.
There is considerable uncertainty with respect to the state of law governing data transfers between the European Union ("EU"), and other countries with similar
data protection laws, and the U.S. A preliminary agreement has been entered into by representatives from the U.S. and EU but it remains unclear what the final
resolution will be for cross-border data transfers of personal information. For certain data transfers between the EU and the U.S., our company, like many others,
takes advantage of what is referred to as the "EU-U.S. Safe Harbor," in order to comply with privacy obligations imposed by EU-member countries. In late 2015,
the European Court of Justice invalidated the EU-U.S. Safe Harbor. Some individual data protection regulators located in EU countries threatened to begin
enforcement actions. Additionally, other countries that relied on the EU-U.S. Safe Harbor that are not part of the EU have also found that data transfers to the U.S.
are no longer valid based on the European Court of Justice ruling. We have been working to establish alternative methods that would allow us to continue to
transfer data to the U.S. from all countries that have invalidated pre-existing safe harbors. Some independent data regulators have adopted the position that other
forms of compliance are also invalid though the legal grounds for these findings remains unclear at this time. Like many other companies, we continue to face
uncertainty both with respect to the measures we have implemented following the ruling of the European Court of Justice and the ultimate resolution of the laws
governing cross-border data transfers. We cannot predict how or if this issue will be resolved nor can we evaluate our potential liability at this time.
We could be liable for breaches of security on our website, fraudulent activities of our users, or the failure of third party vendors to deliver credit card
transaction processing services.
A fundamental requirement for operating an Internet-based, worldwide cloud software solutions and electronically billing our customers is the secure transmission
of confidential information and media over public networks. Although we have developed systems and processes that are designed to protect consumer information
and prevent fraudulent credit card transactions and other security breaches, failure to mitigate such fraud or breaches may adversely affect our operating results.
The law relating to the liability of providers of online payment services is currently unsettled and states may enact their own rules with which we may not comply.
We rely on third party providers to process and guarantee payments made by our subscribers up to certain limits, and we may be unable to prevent our customers
from fraudulently receiving goods and services. Our liability risk will increase if a larger fraction of transactions effected using our cloud-based services involve
fraudulent or disputed credit card transactions.
21