Restoration Hardware 2014 Annual Report Download - page 26

Download and view the complete annual report

Please find page 26 of the 2014 Restoration Hardware annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 128

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128

information systems are subject to damage or interruption from power outages, computer and telecommunications
failures, computer viruses, malicious software, phishing attacks and security breaches, including credit card
breaches. In addition, security breaches can also occur as a result of non-technical issues, including vandalism,
catastrophic events, and human error. Our operations may further be impacted by security breaches that occur at
third party vendors.
In order for our business to function successfully, we and other market participants must be able to handle
and transmit confidential information, including credit card information, securely. We became fully compliant
with Payment Card Industry, or PCI, Data Security Standards during the fourth quarter of fiscal 2014. There can
be no assurance that we will be able to operate our facilities and our customer service and sales operations in
accordance with PCI or other industry recommended practices in the future. We also expect to incur additional
expenses to maintain PCI compliance in the future. Further, there is increased litigation over personally
identifiable information and we may be subject to one or more claims or lawsuits related to intentional or
unintentional exposure of our customer’s personally identifiable information. Even though we are compliant with
such standards, we still may not be able to prevent security breaches involving customer transaction data.
Any breach could cause consumers to lose confidence in the security of our website and choose not to
purchase from us. If a computer hacker or other third party is able to circumvent our security measures, he or she
could destroy or steal valuable information or disrupt our operations. Because techniques used to obtain
unauthorized access or to sabotage systems change frequently and often are not recognized until launched against
a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. Any
security breach could expose us to risks of data loss, fines, litigation and liability and could seriously disrupt our
operations and harm our reputation, any of which could adversely affect our business. In addition to the
possibility of fines, lawsuits and other claims, we could be required to expend significant resources to change our
business practices or modify our service offerings in connection with the protection of personally identifiable
information, which could have a material adverse effect on our business.
In addition, we collect and store personal information from consumers in the course of doing business.
States and the federal government have enacted additional laws and regulations to protect consumers against
identity theft, including laws governing treatment of personally identifiable information. These laws have
increased the costs of doing business and, if we fail to implement appropriate safeguards or we fail to detect and
provide prompt notice of unauthorized access as required by some of these laws, we could be subject to potential
claims for damages and other remedies. If we were required to pay any significant amounts in satisfaction of
claims under these laws, or if we were forced to cease our business operations for any length of time as a result
of our inability to comply fully with any such law, our business, operating results and financial condition could
be adversely affected. We may also incur legal costs if we are required to defend our methods of collection,
processing, and storage of personal data. Investigations, lawsuits, or adverse publicity relating to our methods of
handling personal data could result in increased costs and negative market reaction.
Furthermore, data security breaches suffered by well-known companies and institutions have attracted a
substantial amount of media attention, prompting additional state and federal proposals addressing data privacy
and security. As the data privacy and security laws and regulations evolve, we may be subject to more extensive
requirements to protect the customer information that we process in connection with the purchases of our
products.
We currently maintain insurance to protect against cybersecurity risks and incidents. However, there can be
no assurance that such insurance coverage will be available in the future on commercially reasonable terms or at
commercially reasonable rates. In addition, insurance coverage may be insufficient or may not cover certain of
these cybersecurity losses and liability.
22