LifeLock 2013 Annual Report Download - page 13

Download and view the complete annual report

Please find page 13 of the 2013 LifeLock annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 102

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102

timeliness. Many of the allegations in the FTC complaint, which accompanied the FTC Order, related to the inherent limitations of using credit report fraud
alerts as the foundation for identity theft protection. Because the injunctive provisions in the FTC Order are tied to these complaint allegations, these injunctive
provisions similarly relate significantly to our previous reliance on credit report fraud alerts as reflected in our advertising and marketing claims. The FTC
Order also imposes on us and Mr. Davis certain injunctive provisions relating to our data security for members’ personally identifiable information. At the
same time, we also entered into companion orders with 35 states’ attorneys general that impose on us similar injunctive provisions as the FTC Order relating
to our advertising and marketing of our identity theft protection services.
Our or Mr. Davis’ failure to comply with these injunctive provisions could subject us to additional injunctive and monetary remedies as provided
for by federal and state law. In addition, the FTC Order imposes on us and Mr. Davis certain compliance requirements, including the delivery of an annual
compliance report. We and Mr. Davis have timely submitted these annual compliance reports, but the FTC has not accepted or approved them to date. If the
FTC were to find that we or Mr. Davis have not complied with the requirements in the FTC Order, we could be subject to additional penalties and our
business could be negatively impacted.
The FTC Order provided for a consumer redress payment of $11 million, which we made in 2010 to the FTC for distribution to our members. The
FTC Order also provided for an additional consumer redress payment of $24 million, which was suspended based on our then-current financial condition on
the basis of financial information we submitted to the FTC. The FTC Order specifies that in the event the FTC were to find that the financial materials
submitted by us to the FTC at the time of the FTC Order were n ot truthful, accurate, and complete, the court order entering the settlement could be re-opened
and the suspended judgment in the amount of the additional $24 million would become immediately due in full.
On December 26, 2012, ID Analytics, along with eight other companies, received an information request from the FTC in conjunction with the
FTC’s policy study of the operation of the data broker industry. ID Analytics was advised that this request is not an investigation of its business practices but
will be the basis of consideration by the FTC whether to recommend to the Congress a legislative extension of FCRA-based consumer safeguards to the use of
consumer personal information in the non-FCRA context. Although ID Analytics believes that it is not engaged in data broker activities in any manner, ID
Analytics has indicated to the FTC that it will cooperate with the FTC’s study efforts by responding fully to the FTC’s information requests, and has done so
to date. On December 17, 2013, we met with FTC Staff, at their request, to discuss the ID Analytics positions with regard to the FTC’s data broker study. At
the meeting, we discussed a wide ranging number of matters, including industry conditions, the changing landscape relating to identity theft and fraud,
technological developments to address identity theft and fraud, as well as recent security breaches.
With the growing public concern regarding privacy and the collection, distribution, and use of consumer personal information, we believe we are in
an environment in which there is an increased regulatory scrutiny concerning data collection and use practices and the provision and marketing of services,
like ours, that seek to protect that information. We expect that kind of scrutiny to continue as the ma rketplace for services like ours continues to develop. In
addition, we believe there has been a recent increase in whistleblower claims made to regulatory agencies, including whistleblower claims made by former
employees, which we believe will likely continue, in part because of the provisions enacted by the Dodd-Frank Wall Street Reform and Consumer Protection
Act, or the Dodd-Frank Act, that may entitle persons who report alleged wrongdoing to the SEC to cash rewards. Often, the allegations underlying such claims
to regulatory agencies result in federal and state inquiries and investigations. On January 17, 2014, we met with FTC Staff, at our request, to discuss issues
regarding allegations that have been asserted in a whistleblower claim against us relating to our compliance with the FTC Order. Following this meeting, we
expect to receive either a formal or informal investigatory request from the FTC for documents and information regarding our policies, procedures, and
practices for our services and business activities. Given the heightened public awareness of data breaches and well as attention to identity theft protection
services like ours, it is also possible that the FTC, at any time, may commence an unrelated inquiry or investigation of our business practices and our
compliance with the FTC Order. We endeavor to comply with all applicable laws and believe we are in compliance with the requirements of the FTC Order. We
believe the increased regulatory scrutiny will continue in our industry for the foreseeable future and could lead to additional meetings or inquiries or
investigations by the agencies that regulate our business, including the FTC.

As of December 31, 2013, we employed 675 people. At that date, we had 528 employees in our consumer business, of which 226 were engaged in
member service and support, 102 in products and technology, 115 in marketing and strategic partnerships, and 85 in general and administration; and 147
employees in our enterprise business, of which 86 were engaged in information technology, product development, and sales and marketing, 43 in software
development and operations, and 18 in general and administration. We consider our relationship with our employees to be good, and none of our employees are
represented by a union in collective bargaining with us.

We employ a range of information technology solutions, controls, procedures, and processes to protect the confidentiality, integrity, and availability of
our critical assets, including our data and information technology systems. We have implemented a
10