As part of our business we collect, store, process, transfer and dispose in tangible and electronic forms customer, consumer, vendor and employee personal information ("PI"). We and our vendors rely on processes that are intended to provide necessary notices, processes and controls regarding the collection, storage, processing and destruction of PI, and to permit subjects to exercise their legal rights concerning their PI in our possession. If those notices, processes or controls are not sufficient, or our processes or controls experience an error or other disruption, we or our vendors may fail to comply with applicable requirements concerning PI. In addition, we rely on the security of our facilities, networks, databases, systems, processes and controls, and, in certain circumstances, third parties, such as vendors, to protect PI. If such facilities, networks, databases, systems, processes and controls, or those of our customers or vendors, are not effective, are outdated or compromised, or do not exist, or if we, our customers or vendors fail to detect or respond to attacks or intrusions, unauthorized parties may gain access to our networks or databases or information, or those of our customers or vendors with which we interconnect or share information, and they may be able to steal, publish, delete, or modify PI. In addition, employees may intentionally or inadvertently process PI in an unauthorized manner or cause data or security breaches that result in unauthorized release of such PI. Further, our efforts to process, delete or destroy PI may not be consistent with our disclosed policies or may not be successful, resulting in the theft or unintentional disclosure of PI, including when disposing of media on which PI may be stored. In such circumstances, our business could be harmed and we could be liable to our customers, employees or vendors, or to regulators, consumers or other parties, as well as be subject to disclosure or notification requirements, and regulatory or other actions for breaching applicable laws, failing to make or provide required disclosures or notifications, or failing to adequately protect such information. This could result in costly investigations and litigation, civil or criminal penalties, large scale remediation requirements, operational changes or other response measures, significant penalties, fines, settlements, costs, consent orders, loss of consumer confidence in our security measures and negative publicity.