when new features or capabilities are released, theft, and inadvertent release of information. Our technology and information systems may be subject to computer viruses or malicious code, break-ins, phishing impersonation attacks, attempts to overload our servers with denial-of-service or other attacks, ransomware, and similar incidents or disruptions from unauthorized use of our computer systems, as well as unintentional incidents causing data leakage, any of which could lead to interruptions, delays, or website or mobile app shutdowns. We have implemented various measures to manage and mitigate risks related to technology systems and network disruption. We believe that these preventative actions provide us with adequate measures of protection against security breaches and work to reduce technology disruptions and cybersecurity risks. However, given the unpredictability of the timing, nature and scope of technology security incidents and disruptions, our business has been, and could potentially be, subject to security breaches, theft, other manipulation or improper use of our systems and networks. We have experienced, and could experience in the future, actual or attempted cyberattacks of our information technology systems or networks, yet none of these actual or attempted cyber-attacks has had a material effect on our operations or financial condition. For example, in 2018 we were subject to a phishing attack, which resulted in an unauthorized third party accessing our servers, and we could experience similar incidents in the future, particularly as hackers utilize increasingly sophisticated measures to bypass information security systems. [Further, any failure by our hosting and support partners or other third-party service providers in the performance of their services could materially harm our business. If we fail to assess and identify cybersecurity risks associated with new initiatives or acquisitions, we may become increasingly vulnerable to such risks. There can be no assurance that we will be able to prevent, detect and adequately address or mitigate such cyber-attacks or security breaches. Any such breach could have a material adverse effect on our operations and our reputation and could cause irreparable damage to us or our systems, regardless of whether we or our third-party providers are able to adequately recover critical systems following a systems failure. Additionally, if any person, including any of our employees or those with whom we share such information, negligently disregards or intentionally breaches our established controls with respect to our client, customer or employee data, or otherwise mismanages or misappropriates that data, we could be subject to significant monetary damages, litigation, regulatory enforcement actions, fines and/or criminal prosecution in one or more jurisdictions. We could also experience financial losses from remedial actions, any of which could have a material adverse effect on our competitive position, financial condition, reputation or results of operations. While we maintain cybersecurity insurance coverage that we believe is adequate for our business, such coverage may not cover all potential costs and expenses associated with any security incidents that may occur in the future. Compliance with regulations relating to data privacy could increase our costs and adversely affect our business. We are subject to numerous federal, state, local and foreign laws, rules, and regulations relating to the collection, processing, storing, sharing, disclosure, use, and security of personal information and other data. We are also potentially subject to specific contractual requirements contained in agreements with third parties governing our use and protection of personal information and other data. We strive to comply with applicable laws, policies, legal, and contractual obligations and industry standards relating to privacy and data protection, to the extent possible. Nevertheless, such laws, regulations, and other obligations may require us to change our business practices and may negatively impact our ability to expand our business and pursue business opportunities. We may incur significant expenses to comply with the laws, regulations, and other obligations that apply to us. Additionally, the privacy- and data protection-related laws, rules, and regulations applicable to us may be interpreted and applied in new ways or in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. Further, new laws, rules, and regulations could be enacted with which we are not familiar or with which our practices do not comply. Several jurisdictions have passed new laws and regulations in this area that apply to us now or may apply in the future as we grow and expand, and other jurisdictions are considering imposing additional restrictions. Examples include the California Consumer Privacy Act (the “CCPA”), which came into effect on January 1, 2020, and the 30
RkJQdWJsaXNoZXIy MTc1MzI0Mw==