Yahoo 2012 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2012 Yahoo annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 144

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144

there is a security breach for personal data, such as California’s Information Practices Act. We face similar risks
in international markets where our products and services are offered. Any failure, or perceived failure, by us to
comply with or make effective modifications to our policies, or to comply with any federal, state, or international
privacy, data-retention or data-protection-related laws, regulations, orders or industry self-regulatory principles
could result in proceedings or actions against us by governmental entities or others, a loss of user confidence,
damage to the Yahoo! brands, and a loss of users, advertising partners, or Affiliates, any of which could
potentially have an adverse effect on our business.
In addition, various federal, state and foreign legislative or regulatory bodies may enact new or additional laws
and regulations concerning privacy, data-retention and data-protection issues, including laws or regulations
mandating disclosure to domestic or international law enforcement bodies, which could adversely impact our
business, our brand or our reputation with users. The interpretation and application of privacy, data protection
and data retention laws and regulations are often uncertain and in flux in the U.S. and internationally. These laws
may be interpreted and applied inconsistently from country to country and inconsistently with our current
policies and practices, complicating long-range business planning decisions. If privacy, data protection or data
retention laws are interpreted and applied in a manner that is inconsistent with our current policies and practices
we may be fined or ordered to change our business practices in a manner that adversely impacts our operating
results. Complying with these varying international requirements could cause us to incur substantial costs or
require us to change our business practices in a manner adverse to our business.
If our security measures are breached, our products and services may be perceived as not being secure, users
and customers may curtail or stop using our products and services, and we may incur significant legal and
financial exposure.
Our products and services involve the storage and transmission of Yahoo!’s users’ and customers’ personal and
proprietary information in our facilities and on our equipment, networks and corporate systems. Security
breaches expose us to a risk of loss of this information, litigation, remediation costs, increased costs for security
measures, loss of revenue, damage to our reputation, and potential liability. Our user data and corporate systems
and security measures have been and may in the future be breached due to the actions of outside parties
(including cyber attacks), employee error, malfeasance, a combination of these, or otherwise, allowing an
unauthorized party to obtain access to our data or our users’ or customers’ data. Additionally, outside parties may
attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain
access to our data or our users’ or customers’ data.
Any breach or unauthorized access could result in significant legal and financial exposure, increased remediation
and other costs, damage to our reputation and a loss of confidence in the security of our products, services and
networks that could potentially have an adverse effect on our business. Because the techniques used to obtain
unauthorized access, disable or degrade service, or sabotage systems change frequently or may be designed to
remain dormant until a predetermined event and often are not recognized until launched against a target, we may
be unable to anticipate these techniques or implement adequate preventative measures. If an actual or perceived
breach of our security occurs, the market perception of the effectiveness of our security measures could be
harmed and we could lose users and customers.
Interruptions, delays, or failures in the provision of our services could damage our reputation and harm our
operating results.
Delays or disruptions to our service, or the loss or compromise of data, could result from a variety of causes,
including the following:
Our operations are susceptible to outages and interruptions due to fire, flood, earthquake, tsunami, other
natural disasters, power loss, equipment or telecommunications failures, cyber attacks, terrorist attacks,
political or social unrest, and other events over which we have little or no control. We do not have multiple site
capacity for all of our services and some of our systems are not fully redundant in the event of delays or
disruptions to service, so some data or systems may not be fully recoverable after such events.
19