ServiceMagic 2014 Annual Report Download - page 26

Download and view the complete annual report

Please find page 26 of the 2014 ServiceMagic annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 144

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144

Table of Contents
security standards, industry self-regulating principles that have become standard practice and more stringent contractual protections (and related
compliance obligations) regarding privacy and data security.
In addition, if an online service provider fails to comply with its privacy policy, it could become subject to an investigation and/or proceeding
for unfair or deceptive practices brought by the U.S. Federal Trade Commission under the Federal Trade Commission Act (and/or brought by a state
attorney general pursuant to a similar state law), as well as a private lawsuit under various U.S. federal and state laws. Similarly, in the European
Union, the online service provider could become subject to an investigation and/or proceeding for the violation of the data protection laws and
regulations brought by a member state or its supervisory authority (an independent body charged with monitoring compliance with data protection
laws), as well as private causes of action under the EU Directive. In general, personal information is increasingly subject to legislation and
regulation in numerous jurisdictions around the world (particularly in the European Union), the intent of which is to protect the privacy of personal
information that is collected, processed and transmitted in or from the governing jurisdiction.
U.S. and foreign legislators and regulators may enact new laws and regulations regarding privacy and data security. For example, in May
2014, the White House released a review of "big data" practices, which called for an update to U.S. privacy laws based on the proposed Consumer
Privacy Bill of Rights released by the White House in February 2012 and the enactment of a federal data breach notification law. In addition, in
February 2013 the U.S. Federal Trade Commission issued a report seeking changes in Internet and mobile privacy protection and disclosures.
Similarly, new privacy laws and regulations at the state level, as well as new laws and directives abroad (particularly in the European Union), are
being proposed and implemented. For example, legislation in the state of California that became effective on January 1, 2014 requires companies
that collect personal information to disclose how they respond to web browser “Do Not Track” signals and the European Union is in the process of
adopting new guidelines for data protection and privacy to address recent globalization and technological developments, which will supersede the
EU Directive. In addition, existing privacy laws that were intended for brick-and-mortar businesses could be interpreted in a manner that would
extend their reach to our businesses. New laws and regulations (or new interpretations of existing laws) in this area may make it more costly to
operate our businesses and/or limit our ability to engage in certain types of activities, such as targeted advertising, which could adversely affect our
business, financial condition and results of operations.
As privacy and data protection have become more sensitive issues, we may also become exposed to potential liabilities as a result of differing
views on the privacy of consumer and other user data collected by our businesses. Also, we cannot guarantee that our security measures will
prevent security breaches. In the case of security breaches involving personal credit card data, credit card companies could curtail our ability to
transact payments and impose fines for failure to comply with Payment Card Industry (PCI) Data Security Standards. Moreover, any such breach
could decrease consumer confidence in the case of the business that experienced the breach or our businesses generally, which would decrease
traffic to (and in turn, usage and transactions on) the relevant website and/or our various websites and which in turn, could adversely affect our
business, financial condition and results of operations. The failure of any of our businesses, or their various third party vendors and service
providers, to comply with applicable privacy policies, federal, state or foreign privacy laws and regulations or PCI standards, as well as the
unauthorized release of personal information or other user data for any reason, could adversely affect our business, financial condition and results of
operations.
We may not be able to protect our systems, infrastructures and technologies from cyber attacks. In addition, we may be adversely impacted by
cyber attacks experienced by third parties. Any disruption of our systems, infrastructures and technologies, or compromise of our user data or
other information, due to cyber attacks could have an adverse effect on our business, financial condition and results of operations.
The incidence of malicious technology-related events, such as cyber attacks, computer hacking, computer viruses, worms or other destructive
or disruptive software, distributed denial of service attacks or other malicious activities (or any combination of these events) is on the rise
worldwide. From time to time, we may become the victim of these types of attacks.
While we continuously develop and maintain systems to detect and prevent events of this nature from impacting our various businesses, these
efforts are costly and require ongoing monitoring and updating as technologies change and efforts to overcome preventative security measures
become more sophisticated. Despite our efforts, we cannot assure you that these events will not occur in the future and if they do occur, will not
have an adverse effect on our business, financial condition and results of operations.
Furthermore, we may become the victim of security breaches, such as the misappropriation, misuse, leakage, falsification or accidental release
or loss of user, customer or vendor data maintained in our information technology systems or those of third parties with whom we do business (or
upon whom we otherwise rely in connection with our day to day operations).
16