prescribed form or the situation must qualify as an instance of implied consent or
other authorization set out in Canada’s Anti-Spam Legislation, or CASL. The penalties for non-compliance under CASL are significant and the regulator, the Canadian Radio- Television and Telecommunications Commission, is active with respect to
enforcement.
Although we are working to comply with those federal, state,
provincial and foreign laws and regulations, industry standards, governmental standards, contractual obligations and other legal obligations that apply to us, those laws, regulations, standards and obligations are evolving and may be modified,
interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another, other requirements or legal obligations, our practices or the features of our applications or platform. Any failure or
perceived failure by us or our contractors to comply with federal, state, provincial or foreign laws or regulations, industry standards, contractual obligations or other legal obligations, or any actual or suspected security incident, whether
or not resulting in loss of, unauthorized access to, or acquisition, alteration, destruction, release or transfer of PII or other data, may result in governmental enforcement actions and prosecutions, private litigation, fines and penalties or
adverse publicity and could cause employees, clients and consumers to lose trust in us, which could have an adverse effect on our reputation and business. Any inability or perceived inability (even if unfounded) on our part to adequately
address privacy, data protection, and information security concerns, or comply with applicable laws, regulations, policies, industry standards, governmental standards, contractual obligations, or other legal obligations, could result in
additional cost and liability to us, damage our reputation, inhibit sales, restrict our ability to utilize collected personal information, and adversely affect our business.
We also expect that there will continue to be new proposed laws,
regulations and industry standards concerning privacy, data protection and information security in the United States, Canada and other jurisdictions, and we cannot yet determine the impact such future laws, regulations and standards may have on
our business. Future laws, regulations, standards and other obligations, or amendments or changes in the interpretation of existing laws, regulations, standards and other obligations, could impair our or our clients’ ability to collect, use,
disclose or otherwise process information relating to employees or consumers, which could decrease demand for our applications, increase our costs and impair our ability to maintain and grow our client and consumer bases and increase revenue.
Such laws and regulations may require us to implement privacy and security policies, permit users to access, correct and delete personal information stored or maintained by such companies, inform individuals of security breaches that affect
their personal information, and, in some cases, obtain individuals’ consent to use PII or other data for certain purposes. In addition, a foreign government could require that any data collected in a country not be transferred or disseminated
outside of that country, or impose restrictions or conditions upon such dissemination, and we may face difficulty in complying with any such requirements for certain geographic regions. Indeed, many privacy laws, such as those in force in
Canada, already impose these requirements. If we fail to comply with federal, state, provincial and foreign data privacy laws and regulations, our ability to successfully operate our business and pursue our business goals could be harmed.
Furthermore, due to our acceptance of credit cards, we are subject to the Payment Card Industry Data Security Standard (also known as the “PCI-DSS”), which is designed to protect the information of credit card users.
In the event our determinations are challenged and found to have
been incorrect, we may be subject to unfavorable publicity or claims by one or more state attorneys general, federal regulators, or private plaintiffs, any of which could damage our reputation, inhibit sales and adversely affect our business.
Governmental regulation of the internet
continues to develop, and unfavorable changes could substantially harm our business and operating results.
We are subject to general business regulations and laws as well as
federal, state, provincial and foreign laws specifically governing the internet. Existing and future laws and regulations, narrowing of any existing legal safe harbors, or previous or future court decisions may impede the growth of the internet
or online products and solutions, and increase the cost of providing online products and solutions. These laws may govern, among other issues, taxation, tariffs, user privacy, data protection, pricing, content, copyrights, distribution,
electronic contracts and other communications, consumer protection, broadband residential internet access and the characteristics and quality of offerings. It is not clear how existing laws governing issues such as property ownership, sales,
use and other taxes, libel and personal privacy apply to the internet or online services. There is also a risk that these laws may be