Our facilities or operations could be damaged or adversely affected as a result of prolonged power outages, natural disasters and other catastrophic events.
Our facilities or operations could be adversely affected by power outages as well as events outside of our control, such as natural disasters and other calamities. We cannot assure you that any backup systems will be adequate to protect us from the effects of fire, floods, typhoons, earthquakes, power loss resulting from such natural disasters, telecommunications failures, break-ins, war, riots, terrorist attacks or similar events. Any of the foregoing events may give rise to interruptions, breakdowns, system failures, technology platform failures or internet failures, which could cause delays in development and fabrication, the loss or corruption of data or malfunctions of software or hardware as well as adversely affect our ability to provide services. A significant power outage may disrupt our operations and could have a material adverse impact on our business, financial condition, results of operations and cash flows
Further, the British National Grid recently warned that the United Kingdom, where we have significant operations, could face planned power cuts to homes and businesses throughout the winter of 2022 and 2023 if the country is unable to import electricity from Europe and it struggles to attract enough gas imports to fuel its gas-fired power plants. A significant power outage could have a material adverse impact on our business, financial condition, results of operations and cash flows.
Risks Related to Litigation and Government Regulation
We are subject to stringent and evolving U.S. state, federal and foreign laws and regulations, rules, contractual obligations, policies and other obligations related to privacy, data use and security. Our actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; loss of customers or sales; and otherwise could adversely affect us and our business.
In the ordinary course of business, we collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share (collectively, “processing”) personal data and other sensitive information, including proprietary and confidential business data, trade secrets, and intellectual property. We are, therefore, subject to numerous data privacy and security obligations, such as state and federal laws and regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations related to privacy, data use and security.
In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). In addition, several states have enacted privacy or security breach legislation requiring varying levels of consumer notification in the event of a security breach. For example, the California Consumer Privacy Act (“CCPA”), applies to personal information of consumers, business representatives, and employees, and requires businesses to provide specific disclosures in privacy notices and grants consumers resident in California new rights with respect to the collection of their personal data. The CCPA provides for civil penalties of up to $7,500 per violation and allows private litigants affected by certain data breaches to recover significant statutory damages. In addition, the California Privacy Rights Act of 2020 (“CPRA”) expands the CCPA’s requirements, including by adding a new right for individuals to correct their personal information and establishing a new regulatory agency to implement and enforce the law. Several other states such as Virginia and Colorado, have also passed comprehensive privacy laws, and similar laws are being considered in several other states, as well as at the federal and local levels. These developments further complicate compliance efforts, and increase legal risk and compliance costs for us, and the third parties upon whom we rely.
Outside of the United States, foreign governments are raising similar privacy and data security concerns. In particular, the United Kingdom’s GDPR (“UK GDPR”) imposes strict requirements for processing personal data. For example, under the UK GDPR, companies may face temporary or definitive bans on data processing and other corrective actions; fines of up to 17.5 million pounds or 4% of annual global revenue, whichever is greater;
43