Home » HR Block Annual Reports » 2016 Annual Report - page 17

HR Block 2016 Annual Report Download - page 17

Download and view the complete annual report

Please find page 17 of the 2016 HR Block annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

H&R Block, Inc. | 2016 Form 10-K 9

and disclose their consumer privacy notice and generally provide consumers with a reasonable opportunity to "opt-

out" of having nonpublic personal information disclosed to unaffiliated third parties. Numerous jurisdictions have

passed new laws related to the use and retention of consumer information and this area continues to be an area of

interest for U.S. federal, state, and foreign governmental authorities. All of these laws may be interpreted and applied

inconsistently from jurisdiction to jurisdiction, and our current data protection policies and practices may not be

consistent with all of those interpretations and applications. In addition, changes in U.S. federal and state regulatory

requirements, as well as requirements imposed by governmental authorities in foreign jurisdictions in which we

operate, could result in more stringent requirements and in a need to change business practices, including the types

of information we can use and the manner in which we can use such information. Establishing systems and processes

to achieve compliance with these new requirements may increase our costs or limit our ability to pursue certain

business opportunities.

A security breach of our systems, or third party systems on which we rely, resulting in unauthorized access to

personal client information may adversely affect the demand for our services and products, our reputation, and

financial performance.

We offer a range of services and products to our clients, including assisted and DIY tax return preparation services

and products, and financial products and services. Due to the nature of these services and products, we use multiple

digital technologies to collect, transmit, and store high volumes of personal client information. Information security

risks to companies that use digital technologies continue to increase due in part to the increased adoption of and

reliance upon these technologies by companies and consumers. Our risk and exposure to these matters remain

heightened due to a variety of factors including, among other things, the evolving nature of these threats and related

regulation, the increased sophistication of organized crime, cyber criminals and hackers, the prominence of our brand,

our and our franchisees' extensive office footprint, our plans to continue to implement our DIY strategies for our

online and mobile applications and our desktop software, and our use of third party vendors.

Cybersecurity risks may result from fraud or malice (a cyber attack), human error, or accidental technological failure.

Cyber attacks are designed to electronically circumvent network security for malicious purposes such as unlawfully

obtaining personal client information, disrupting our ability to offer services, damaging our brand and reputation,

stealing our intellectual property, and advancing social or political agendas. We face a variety of cyber attack threats

including computer viruses, malicious codes, worms, phishing attacks, social engineering, denial of service attacks,

and other sophisticated attacks.

We maintain multiple levels of protection in order to address or otherwise mitigate the risk of a security breach.

We regularly test our systems to discover and address potential vulnerabilities. Due to the structure of our business

model, we also rely on our franchisees and other private and governmental third parties to maintain secure systems

and respond to cybersecurity risks. Cybersecurity and the continued development and enhancement of our controls,

processes, and practices designed to protect our systems, computers, software, data, and networks from attack,

damage, or unauthorized access remain a high priority for us. As risks and regulations continue to evolve, we may be

required to expend significant additional resources to continue to modify or enhance our protective measures or to

investigate and remediate any information security vulnerabilities. Notwithstanding these efforts, there can be no

assurance that a security breach, intrusion, or loss or theft of personal client information will not occur.

A breach of our security measures or those of our franchisees or third parties on whom we rely, or other fraudulent

activity, could result in unauthorized access to personal client information. If such an event were to occur, it could

have serious short and long term negative consequences. Security breach remediation could require us to expend

significant resources to notify or assist impacted clients, repair damaged systems, implement improved information

security measures, and maintain client and business relationships. Other consequences could include reduced client

demand for our services and products, loss of valuable intellectual property, reduced growth and profitability and

negative impacts to future financial results, loss of our ability to deliver one or more services or products (e.g., inability

to provide financial transaction services or to accept and process client credit card orders or tax returns), litigation,

harm to our reputation and brands, fines, penalties, and other damages, and further regulation and oversight by U.S.

federal, state, or foreign governmental authorities.

A security breach or other unauthorized access to our systems could have a material adverse effect on our business

and our consolidated financial position, results of operations, and cash flows.