The processing, storage, sharing, use, disclosure and protection of personal data could give rise to liabilities as a result of governmental regulation, conflicting legal requirements or differing views of personal privacy rights.
Through our company’s operations, sales and marketing activities, it collects and stores certain non-public personal information related to its customers. Our company also gathers and retains information about employees in the normal course of business. Our company may share information about such persons with vendors, contractors and other third-parties that assist with certain aspects of its business. The collection, storage, sharing, use, disclosure and protection of this information are governed by the privacy and data security policies maintained by these businesses. Moreover, there are federal, state and international laws regarding privacy and the collection, storage, sharing, use, disclosure and protection of personally identifiable information and user data, including regulations specific to GCI’s operations as a telecommunications carrier or video service provider. Specifically, personally identifiable information is increasingly subject to changing legislation and regulations, in numerous jurisdictions around the world, which are intended to protect the privacy of personal information that is collected, processed and transmitted in or from the governing jurisdiction. Compliance with these laws and regulations may be onerous and expensive and may be inconsistent from jurisdiction to jurisdiction, further increasing the cost of compliance.
For example, California has enacted the CCPA, which, among other things, allows California consumers to request that certain companies disclose the types of personal information collected by such companies. The CCPA became effective on January 1, 2020. The California Attorney General has issued regulations and guidance regarding the law. In November 2020, California voters approved the CPRA, which amends and expands the CCPA and establishes the California Privacy Protection Agency to implement and enforce consumer privacy laws. Most of the CPRA’s provisions became effective on January 1, 2023. In addition, Maine, Virginia, Colorado, Utah, Connecticut, Oregon, Texas, Montana, Delaware, Florida, Iowa, Nebraska, New Hampshire and New Jersey enacted privacy and data protection laws in recent years. New privacy laws enacted in Tennessee, Indiana, Minnesota, Maryland, Kentucky and Rhode Island will take effect over the next two years. Other states in the U.S. are also separately proposing laws to regulate privacy and security of personal data. GCI’s failure, and/or the failure by the various third party vendors and service providers with which GCI does business, to comply with applicable privacy policies or federal or state laws or changes in applicable laws and regulations, or any compromise of security that results in the unauthorized release of personally identifiable information or other user data could damage GCI’s and our reputations and the reputation of their third party vendors and service providers, discourage potential users from trying their products and services and/or result in fines and/or proceedings by governmental agencies and/or consumers, any one or all of which could adversely affect GCI’s business, financial condition and results of operations and, as a result, our Company. In addition, we, our subsidiaries or our business affiliates may not have adequate insurance coverage to compensate for losses.
Increases in data usage on GCI’s wired and wireless networks may cause network capacity limitations, resulting in service disruptions, reduced capacity, or slower transmission speeds for GCI’s customers.
Video streaming services and peer-to-peer file sharing applications use significantly more bandwidth than traditional Internet activity such as web browsing and email. As use of these services continues to grow, GCI’s customers will likely use more bandwidth than in the past. Additionally, new wireless handsets and devices may place a higher demand for data on GCI’s wireless network. If this occurs, GCI could be required to make significant capital expenditures to increase network capacity in order to avoid service disruptions, service degradation, or slower transmission speeds for its customers. Alternatively, GCI could choose to implement network management practices to reduce the network capacity available to bandwidth-intensive activities during certain times in market areas experiencing congestion, which could negatively affect its ability to retain and attract customers in affected areas. While our company believes demand for these services may drive customers to pay for faster speeds, competitive or regulatory constraints may preclude GCI from recovering the costs of the necessary network investments, which could result in an adverse impact to its business, financial condition, and operating results.
Prolonged service interruptions or system failures could affect GCI’s business.
GCI relies heavily on its network equipment, communications providers, data, and software to support all of its functions. GCI relies on its networks and the networks of others for substantially all of its revenue. GCI is able to deliver services and serve its customers only to the extent that it can protect its network systems against damage from power or communication failures, computer viruses, natural disasters, unauthorized access, and other disruptions. While GCI endeavors to account for failures in the network by providing back-up systems and procedures, GCI cannot guarantee that these back-up systems and procedures will operate satisfactorily in an emergency. Disruption to its billing systems due to a failure of existing hardware and backup protocols could have an adverse effect on our company’s revenue and cash flow. Should GCI experience a prolonged failure, it could seriously jeopardize its ability to continue operations. In particular, should a significant service interruption occur,
