Expedia 2014 Annual Report Download - page 30

Download and view the complete annual report

Please find page 30 of the 2014 Expedia annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 137

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137

frequently, often are not recognized until launched against a target and may originate from less regulated and
remote areas around the world, we may be unable to proactively address these techniques or to implement
adequate preventive measures. Security breaches could result in negative publicity, damage to reputation,
exposure to risk of loss or litigation and possible liability due to regulatory penalties and sanctions. Security
breaches could also cause travelers and potential users and our business partners to lose confidence in our
security, which would have a negative effect on the value of our brands. Failure to adequately protect against
attacks or intrusions, whether for their own systems or systems of vendors, could expose us to security breaches
that could have an adverse impact on financial performance.
In addition, no assurance can be given that we have backup systems or contingency plans for all critical
aspects of our operations or business processes, many other systems are not fully redundant and our disaster
recovery or business continuity planning may not be sufficient. Fire, flood, power loss, telecommunications
failure, break-ins, earthquakes, acts of war or terrorism, acts of God, computer viruses, electronic intrusion
attempts from both external and internal sources and similar events or disruptions may damage or impact or
interrupt computer or communications systems or business processes at any time. Although we have put
measures in place to protect certain portions of our facilities and assets, any of these events could cause system
interruption, delays and loss of critical data, and could prevent us from providing services to our travelers and/or
third parties for a significant period of time. Remediation may be costly and we may not have adequate insurance
to cover such costs. Moreover, the costs of enhancing infrastructure to attain improved stability and redundancy
may be time consuming and expensive and may require resources and expertise that are difficult to obtain.
We process, store and use personal information, payment card information and other consumer data,
which subjects us to risks stemming from possible failure to comply with governmental regulation and
other legal obligations.
We may acquire personal or confidential information from users of our websites and mobile applications.
There are numerous laws regarding privacy and the storing, sharing, use, processing, disclosure and protection of
personal information, payment card information and other consumer data, the scope of which are changing,
subject to differing interpretations, and may be inconsistent between countries or conflict with other rules. We
strive to comply with all applicable laws, policies, legal obligations and industry codes of conduct relating to
privacy and data protection. It is possible, however, that these obligations may be interpreted and applied in a
manner that is inconsistent from one jurisdiction to another and may conflict with other rules or the practices of
the companies. Any failure or perceived failure by us, or our service providers, to comply with the privacy
policies, privacy-related obligations to users or other third parties, or privacy related legal obligations, or any
compromise of security that results in the unauthorized release or transfer of personally identifiable information,
payment card information or other consumer data, may result in governmental enforcement actions, litigation or
public statements against the company by consumer advocacy groups or others and could cause our customers
and members to lose trust in the company, as well as subject us to bank fines, penalties or increased transaction
costs, all of which could have an adverse effect on our business.
The regulatory framework for privacy issues worldwide is currently in flux and is likely to remain so for the
foreseeable future. Practices regarding the collection, use, storage, transmission and security of personal
information by companies operating over the internet have recently come under increased public scrutiny. The
U.S. Congress and federal agencies, including the Federal Trade Commission and the Department of Commerce,
are reviewing the need for greater regulation for the collection and use of information concerning consumer
behavior on the internet, including regulation aimed at restricting certain targeted advertising practices. U.S.
courts are also considering the applicability of existing federal and state statutes, including computer trespass and
wiretapping laws, to the collection and exchange of information online. In addition, the European Union is in the
process of proposing reforms to its existing data protection legal framework, which may result in a greater
compliance burden for companies, including Expedia, with users in Europe and increased costs of compliance.
Finally, countries in other regions, most notably Asia, Eastern Europe and Latin America, are increasingly
implementing new privacy regulations, resulting in additional compliance burdens and uncertainty as to how
some of these laws will be interpreted.
26