Apple 2012 Annual Report Download - page 18

Download and view the complete annual report

Please find page 18 of the 2012 Apple annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 88

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88

preferences, tax identification numbers, and payment account information. Although malicious attacks to gain
access to PII affect many companies across various industries, the Company may be at a relatively greater risk of
being targeted because of its high profile and the amount of PII managed.
The Company requires user names and passwords in order to access its information technology systems. The
Company also uses encryption and authentication technologies to secure the transmission and storage of data.
These security measures may be compromised as a result of third-party security breaches, employee error,
malfeasance, faulty password management, or other irregularity, and result in persons obtaining unauthorized
access to Company data or accounts. Third parties may attempt to fraudulently induce employees or customers
into disclosing user names, passwords or other sensitive information, which may in turn be used to access the
Company’s information technology systems. To help protect customers and the Company, the Company
monitors accounts and systems for unusual activity and may freeze accounts under suspicious circumstances,
which may result in the delay or loss of customer orders.
The Company devotes significant resources to network security, data encryption, and other security measures to
protect its systems and data, but these security measures cannot provide absolute security. The Company may
experience a breach of its systems and may be unable to protect sensitive data. Moreover, if a computer security
breach affects the Company’s systems or results in the unauthorized release of PII, the Company’s reputation and
brand could be materially damaged and use of the Company’s products and services could decrease. The
Company would also be exposed to a risk of loss or litigation and possible liability.
The Company’s business is subject to a variety of U.S. and international laws, rules, policies and other
obligations regarding data protection.
The Company is subject to federal, state and international laws relating to the collection, use, retention, security
and transfer of PII. In many cases, these laws apply not only to third-party transactions, but also to transfers of
information between the Company and its subsidiaries, and among the Company, its subsidiaries and other
parties with which the Company has commercial relations. Several jurisdictions have passed new laws in this
area, and other jurisdictions are considering imposing additional restrictions. These laws continue to develop and
may be inconsistent from jurisdiction to jurisdiction. Complying with emerging and changing international
requirements may cause the Company to incur substantial costs or require the Company to change its business
practices. Noncompliance could result in penalties or significant legal liability.
The Company’s privacy policy and related practices concerning the use and disclosure of data are posted on its
website. Any failure by the Company, its suppliers or other parties with whom the Company does business to
comply with its posted privacy policy or with other federal, state or international privacy-related or data
protection laws and regulations could result in proceedings against the Company by governmental entities or
others.
The Company is also subject to payment card association rules and obligations under its contracts with payment
card processors. Under these rules and obligations, if information is compromised, the Company could be liable
to payment card issuers for the cost of associated expenses and penalties. In addition, if the Company fails to
follow payment card industry security standards, even if no customer information is compromised, the Company
could incur significant fines or experience a significant increase in payment card transaction costs.
The Company expects its quarterly revenue and operating results to fluctuate.
The Company’s profit margins vary among its products and its distribution channels. The Company’s software,
accessories, and service and support contracts generally have higher gross margins than certain of the Company’s
other products. Gross margins on the Company’s hardware products vary across product lines and can change
over time as a result of product transitions, pricing and configuration changes, and component, warranty, and
other cost fluctuations. The Company’s direct sales generally have higher associated gross margins than its
17