EFTA01377981.pdf

and maintain systems to protect the security. integrity and confidentiality of this information, but cannot guarantee that inadvertent or unauthorized use or disclosure will not occur or that third parties will not gain unauthorized access to this information despite our efforts. If any such event were to occur, we may not be able to remedy the event, and we may have to expend significant capital and resources to mitigate the impact of such an event, and to develop and implement protections to prevent future events of this nature from occurring. If a breach of our security (or the security of our vendors and partners) occurs. the perception of the effectiveness of our security measures and our reputation may be harmed, we could lose current and potential users and the recognition of our various brands and their competitive positions could be diminished, any or all of which could adversely affect our business. financial condition and results of operations. Unauthorized access of personal data could give rise to liabilities as a result of governmental regulation, conflicting legal requirements or differing views of personal privacy rights. Security breaches or other unauthorized access to. or the use or transmission of, personal user information could result in a variety of claims against us. including privacy-related claims. There are numerous laws in the countries in which we operate regarding privacy and the storage, sharing, use, processing, disclosure and protection of this kind of information, the scope of which are changing. inconsistent and conflicting and subject to diffenng interpretations. For example, the European Commission has proposed and is currently debating comprehensive privacy and data protection reforms in the European Union. certain developing countries in which we do business are currently considering adopting privacy and data 21 Table of Contents, protection laws and regulations, and legislative proposals concerning privacy and the protection of user information are often pending before the U.S. Congress and various U.S. state legislatures. While we believe that we comply with industry standards and applicable lavrs and industry codes of conduct relating to privacy and data protection, there is no assurance that we wit not be subject to claims that we have violated applicable laws or codes of conduct or that we will be able to successfully defend against such claims Any failure or perceived failure by us (or the third parties with whom we have contracted to store such information) to comply with applicable privacy laws, privacy policies or privacy-related contractual obligations or any compromise of security that results in unauthorized access to personal information may result in governmental enforcement actions, significant fines, litigation, claims of breach of contract and indemnity by third parties and adverse publiaty. In the case of such an event, our reputation may be harmed, we could lose current and potential users and the competitive positions of our various brands could be diminished, any or all of which could adversely affect our business, financial condition and results of operations. We are subject to a number of risks related to credit card payments, including data security breaches and fraud that we or third parties experience or additional regulation, any of which could adversely affect our business, financial condition and results of operations. We accept payment from our users primarily through credit card transactions and certain online payment service providers. The ability to access credit card information on a real time-basis without having to proactively reach out to the consumer each time we process an auto-renewal payment or a payment for the purchase of a premium feature on any of our dating products is critical to our success. When we or a third party experiences a data security breach invoNing credit card information, affected cardholders will often cancel their credit cards. In the case of a breach experienced by a third party, the more sizable the third party's customer base and the greater the number of credit card accounts impacted, the more likely it is that our users would be impacted by such a breach. To the extent our users are ever affected by such a breach experienced by us or a third party, affected users would need to be contacted to obtain new credit card information and process any pending transactions. It is likely that we would not be able to reach all affected users, and even if we could, some users new credit card information may not be obtained and some pending transactions may not be processed, which could adversely affect our business. financial condition and results of operations. Even if our users are not directly impacted by a given data security breach, they may lose confidence in the ability of service providers to protect their personal information generally, which could cause them to stop using their credit cards online and choose alternative payment methods that are not as convenient for us or restrict our ability to process payments without significant user effort. Additionally, if we fail to adequately prevent fraudulent credit card transactions, we may face fines, governmental enforcement action, civil liability, diminished public perception of our security measures, significantly higher credit card-related costs and substantial remediation costs, any of which could adversely affect our business, financial condition and results of operations. Finally, the passage or adoption of any legislation or regulation affecting the ability of service providers to periodically charge consumers for recurring membership payments may adversely affect our business, financial condition and results of operations. 22 Table of enntentc Inappropriate actions by certain of our users could be attributed to us and damage our brands' reputation, which in turn could adversely affect our business. The reputation of our brands may be adversely affected by the actions of our users that are deemed to be hostile, offensive, defamatory. inappropriate or unlawful. Mile we monitor and review the appropriateness of the content accessible through our dating products and have adopted policies regarding illegal or offensive use of our dating products, our users could nonetheless engage in activities that violate our policies. These safeguards may not be sufficient to avoid harm to our reputation and brands, especially if such hostile. offensive or inappropriate use is well-publicized. In addition, it is possible that a user of our products could be physically. financiagy. emotionally or otherwise harmed by an individual that such user met hap:vain& tec.gov An:laves eds.,' daW1575189,110011147469150031B,1 32226453n-Ial00411 920139:21:17 AM] CONFIDENTIAL - PURSUANT TO FED. R. CRIM. P. 6(e) DB-SDNY-0075141 CONFIDENTIAL SONY GM_00221325 EFTA01377981