Albertsons 2014 Annual Report Download - page 22

Download and view the complete annual report

Please find page 22 of the 2014 Albertsons annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 144

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144

breach by computer hackers and cyber terrorists. The Company relies on industry accepted security measures and
technology to securely maintain confidential and proprietary information maintained on the Company’s
information systems, and continues to invest in maintaining and upgrading the systems and applications to ensure
risk is controlled. However, these measures and technology may not adequately prevent security breaches. In
addition, the unavailability of the information systems or failure of these systems to perform as anticipated for
any reason, including any inability to access data stored in these systems, could disrupt the Company’s business
and could result in decreased performance and increased overhead costs, causing the Company’s business and
results of operations to suffer.
Additionally, the Company’s businesses involve the receipt and storage of sensitive data, including personal
information about the Company’s customers and employees and proprietary business information of the Company
and its customers and vendors. The Company may also share information with vendors that assist the Company in
conducting its business, as required by law, with the permission of the individual or as permitted under the
Company’s privacy policy. As a merchant that accepts debit and credit cards for payment, the Company is subject
to the Payment Card Industry Data Security Standard (“PCI DSS”), issued by the PCI Council. PCI DSS contains
compliance guidelines and standards with regard to the Company’s security surrounding the physical and electronic
storage, processing and transmission of individual cardholder data. By accepting debit cards for payment, the
Company is also subject to compliance with American National Standards Institute data encryption standards, and
payment network security operating guidelines. The Company currently complies with PCI DSS version 2.0;
however, the Company will be required to comply with the new PCI DSS version 3.0 by January 1, 2015.
Despite compliance with these standards and the utilization of other information security measures, the Company
cannot be certain that all of its IT systems or the IT systems of its vendors are or will be able to prevent, contain
or detect any cyber-attacks or security breaches from known malware, malware that may be developed in the
future or otherwise. Cyber-attacks are rapidly evolving and becoming increasingly sophisticated and difficult to
detect, and therefore, the Company may be unable to anticipate these attacks or implement adequate preventive
measures. Additionally, unauthorized parties may attempt to gain access to the Company’s or a vendor’s systems
or facilities through fraud, trickery or other forms of deception involving the Company’s employees or vendors.
To the extent that any attack or breach results in the loss, damage or misappropriation of information, the
Company may be adversely affected by claims from customers, financial institutions, payment card associations,
stockholders and others and by costly inquiries or enforcement actions on the part of regulatory authorities. The
Company’s operations could also be significantly disrupted by these claims, as well as by the need to spend
significant time and expense to fix or replace its systems. The Company could also lose credibility with its
customers and suffer damage to its reputation and future sales. In addition, the cost of complying with stricter
privacy and information security laws and standards, including PCI DSS version 3.0, and developing,
maintaining and upgrading technology systems to address future advances in technology, could be significant and
the Company could experience problems and interruptions associated with the implementation of new or
upgraded systems and technology or with maintenance or adequate support of existing systems.
Customers are increasingly using computers, tablets, mobile phones and other devices to shop in stores and
online and provide feedback and public commentary on their shopping experience, including prices.
Multichannel retailing is rapidly evolving. If the Company does not keep pace with changing customer
expectations and new developments and technology investments by its competitors, the Company’s ability to
compete and results of operations could be adversely affected. In addition, if the customer-facing technology
systems do not reliably function as designed, the Company may experience a loss of customer confidence or data
security breaches or be exposed to fraudulent purchases, which, if significant, could adversely affect the
Company’s reputation and results of operations.
The Company’s businesses are subject to laws and governmental regulations that could adversely impact
the Company’s financial condition and results of operations.
The Company’s businesses are subject to various federal, state and local laws, regulations and administrative
practices. These laws require the Company to comply with numerous provisions regulating health and sanitation
20