Apple 2013 Annual Report Download - page 19

Download and view the complete annual report

Please find page 19 of the 2013 Apple annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 96

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96

There may be breaches of the Company’s information technology systems that materially damage business
partner and customer relationships, curtail or otherwise adversely impact access to online stores and services, or
subject the Company to significant reputational, financial, legal, and operational consequences.
The Company’s business requires it to use and store customer, employee, and business partner personally
identifiable information (“PII”). This may include, among other information, names, addresses, phone numbers,
email addresses, contact preferences, tax identification numbers, and payment account information. Although
malicious attacks to gain access to PII affect many companies across various industries, the Company is at a
relatively greater risk of being targeted because of its high profile and the amount of PII it manages.
The Company requires user names and passwords in order to access its information technology systems. The
Company also uses encryption and authentication technologies to secure the transmission and storage of data and
prevent access to Company data or accounts. As with all companies, these security measures are subject to third-
party security breaches, employee error, malfeasance, faulty password management, or other irregularities. For
example, third parties may attempt to fraudulently induce employees or customers into disclosing user names,
passwords or other sensitive information, which may in turn be used to access the Company’s information
technology systems. To help protect customers and the Company, the Company monitors accounts and systems
for unusual activity and may freeze accounts under suspicious circumstances, which may result in the delay or
loss of customer orders.
The Company devotes significant resources to network security, data encryption, and other security measures to
protect its systems and data, but these security measures cannot provide absolute security. To the extent the
Company was to experience a breach of its systems and was unable to protect sensitive data, such a breach could
materially damage business partner and customer relationships, and curtail or otherwise adversely impact access
to online stores and services. Moreover, if a computer security breach affects the Company’s systems or results
in the unauthorized release of PII, the Company’s reputation and brand could be materially damaged, use of the
Company’s products and services could decrease, and the Company could be exposed to a risk of loss or
litigation and possible liability.
The Company’s business is subject to a variety of U.S. and international laws, rules, policies and other
obligations regarding data protection.
The Company is subject to federal, state and international laws relating to the collection, use, retention, security
and transfer of PII. In many cases, these laws apply not only to third-party transactions, but also to transfers of
information between the Company and its subsidiaries, and among the Company, its subsidiaries and other
parties with which the Company has commercial relations. Several jurisdictions have passed laws in this area,
and other jurisdictions are considering imposing additional restrictions. These laws continue to develop and may
be inconsistent from jurisdiction to jurisdiction. Complying with emerging and changing international
requirements may cause the Company to incur substantial costs or require the Company to change its business
practices. Noncompliance could result in penalties or significant legal liability.
The Company’s privacy policy and related practices concerning the use and disclosure of data are posted on its
website. Any failure by the Company, its suppliers or other parties with whom the Company does business to
comply with its posted privacy policy or with other federal, state or international privacy-related or data
protection laws and regulations could result in proceedings against the Company by governmental entities or
others.
The Company is also subject to payment card association rules and obligations under its contracts with payment
card processors. Under these rules and obligations, if information is compromised, the Company could be liable
to payment card issuers for associated expenses and penalties. In addition, if the Company fails to follow
payment card industry security standards, even if no customer information is compromised, the Company could
incur significant fines or experience a significant increase in payment card transaction costs.
17