and evolving. For example, in June 2018, the State of California enacted the California Consumer Privacy Act (the “CCPA”), which became effective in January 2020, requiring companies that process information on California residents to, among other things, provide new disclosures and options to consumers about data collection, use and sharing policies. Our existing systems may be unable to satisfy changing regulatory requirements and employee and customer expectations, or may require significant additional investments or time to do so. Despite implementation of various measures designed to protect our information systems and records, including those we maintain with our service providers, we, the hotel managers and/or our third-party service providers may be subject to security breaches, system failures, viruses, operator error, unauthorized or inadvertent releases of data. A significant theft, loss, or fraudulent use of customer, employee, or company data maintained by us or by a service provider or failure to comply with the various U.S. and international laws and regulations applicable to the protection of such data, including the CCPA, or with Payment Card Industry (PCI) data security standards, could divert our attention, adversely impact our reputation, result in remedial and other fines or litigation, cause us to incur substantial liabilities or costs, result in a loss of valuable data, or a loss of consumer confidence. A breach in the security of our information systems or those of our service providers, or the unauthorized use of such data by us or our third-party providers, could lead to an interruption in the operation of our systems, resulting in operational inefficiencies and a loss of profits.
Cyber security incidents could have a disruptive effect on our business.
While we have implemented security measures to safeguard our systems and data, our measures or the measures of our service providers or hotel manager may not be sufficient to maintain the confidentiality, integrity, or availability of the data collected, stored, and used to manage our Gaylord Hotels properties. Efforts to hack or circumvent security measures, efforts to gain unauthorized access to data, failure of systems or software to operate as designed or intended, viruses, “ransomware” or other malware, “phishing” or other types of business email compromises, operator error, or inadvertent releases of data may materially impact our information systems and records of those of our owners, licensees, or service providers. Our reliance on computer, Internet-based, and mobile systems and communications, and the frequency and sophistication of efforts by third parties to gain unauthorized access to such systems, have greatly increased in recent years. Like most large multinational corporations, our hotel manager and its service providers have experienced cyber-attacks, and attempts to disrupt access to their systems and data or those of properties our hotel manager manages and the frequency and sophistication of such efforts could continue to increase. Although some of these efforts may not be successful or impactful, a significant theft, loss, loss of access to, or fraudulent use of guest, associate, owner, licensee, or company data could adversely impact our reputation and could result in remedial and other expenses, fines, or litigation. Depending on the nature and scope of the event, compromises in the security of our information systems or those of our owners, licensees, or service providers or other disruptions in data services could lead to an interruption in the operation of our systems or our hotel manager’s systems, resulting in operational inefficiencies and a loss of profits, and negative publicity, resulting in tangible adverse effects on our business, including consumer boycotts, cancellations, lost sales or litigation, all of which could affect our market share, reputation, business, financial condition, or results of operations. In addition, although we or our manager carry cyber/privacy liability insurance that is designed to protect us against certain losses related to cyber risks, that insurance coverage may not be sufficient to cover all losses or all types of claims that may arise in connection with cyber-attacks, security compromises, and other related incidents. Furthermore, in the future such insurance may not be available on commercially reasonable terms, or at all.
Our real estate assets are subject to numerous risks.
Because we own hotels and attractions properties, we are subject to the risks that generally relate to investments in real property. The investment returns available from equity investments in real estate depend in large part on the amount of income earned and capital appreciation generated by the related properties, as well as the expenses incurred. In addition, a variety of other factors affect income from properties and real estate values, including governmental regulations, insurance, zoning, tax and eminent domain laws, interest rate levels and the availability of financing. For example, new or existing real estate zoning or tax laws can make it more expensive and/or time-consuming to develop real property or expand, modify or renovate properties. When interest rates increase, the cost of acquiring, developing, expanding or renovating real property increases, particularly as the cost of borrowing increases, and real property values may decrease as the number of potential buyers decreases. Similarly, as financing becomes less available, it becomes more difficult both to acquire and to sell real property. Finally, governments can, under eminent domain laws, take real property.
