third party systems upon which we rely are also subject to damage, interruption or
shutdown from a number of causes, including computer viruses, malware, phishing or distributed denial-of-service attacks, security breaches or cyber-attacks, which could lead to delays in our business operations or subject us to liability and, if
significant or extreme, affect our results of operations. In addition, any interruption in the operation of our website or information technology systems could cause us to suffer reputational harm or to lose sales.
Unauthorized disclosure of personal or
sensitive data or confidential information, whether through a breach of our computer or information technology systems or otherwise, could severely hurt our business.
Some aspects of our business involve the collection, receipt, use,
storage, processing and transmission of personal information, including that of our customers’ and end-users of our customers’ solar energy systems, website visitors, employees, contract manufacturers and other third parties. We may collect
personal information, including names, addresses, e-mail addresses, credit information, and energy production statistics and consumer preferences, some of which is entrusted to third party service providers. We increasingly rely on commercially
available systems, software, tools (including encryption technology) and monitoring technologies to provide security and oversight for processing, transmission, storage and protection of confidential information and personal data. Despite the
security measures we have in place, our facilities and systems, and those of third parties with which we do business, may be vulnerable to security breaches, acts of vandalism and theft (including misappropriation of our financial resources),
computer viruses, misplaced or lost data, programming and/or human errors, or other similar events, and an inadvertent or unauthorized use or disclosure could occur or third parties could gain unauthorized access to this type of confidential
information and personal data.
Electronic security attacks designed to gain access to personal,
sensitive or confidential data by breaching mission critical systems of large organizations are constantly evolving, and high profile electronic security breaches leading to unauthorized disclosure of confidential information or personal data
have occurred recently at a number of major U.S. companies.
Despite our precautions, an electronic security breach in our
systems (or in the systems of third parties with which we do business) that results in the unauthorized release of personally identifiable information regarding customers, employees or other individuals or other sensitive data could nonetheless
lead to a serious disruption of our operations, financial losses from remedial actions, loss of business or potential liability, including possible punitive damages. As a result of such a breach, we could also be subject to demands, claims and
litigation by private parties, and investigations, related actions and penalties by regulatory authorities. Moreover, we could incur significant costs in notifying affected persons and entities and otherwise complying with the multitude of
foreign, federal, state and local laws and regulations relating to the unauthorized access to, or use or disclosure of, personal information. In addition, any perceived or actual unauthorized access to, or use or disclosure of, such information
could harm our reputation, substantially impair our ability to attract and retain customers and have an adverse impact on our business, financial condition and results of operations.
Finally, as the regulatory environment relating to our obligations
to protect such sensitive data becomes increasingly rigorous, with continually developing and growing requirements applicable to our business, compliance with those requirements could result in additional costs. A material failure on our part to
comply with such requirements could subject us to regulatory sanctions, including fines and potentially lawsuits. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations and prospects.
Failure to comply with current or future
federal, state, local and foreign laws and regulations and industry standards relating to privacy, data protection and consumer protection, or the expansion of current or the enactment of new laws or regulations relating to privacy, data
protection and consumer protection, as well as our actual or perceived failure to comply with such laws and regulations could adversely affect our business, financial condition, results of operations and prospects.
There are numerous federal, state, local and foreign laws regarding
privacy and the collection, processing, storing, sharing, disclosing, using and protecting of personal information and other data. We are also subject to specific contractual requirements contained in agreements with third parties governing our
use and protection of personal information and other data. We generally comply with industry standards and are subject to the terms of our privacy policy and the privacy- and security-related obligations agreed to with third parties. We strive to
comply with applicable laws, policies, legal obligations and industry standards relating to privacy and data protection, to the extent possible. However, it is possible that these obligations may be interpreted and applied in new ways or in a
manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. Additionally, new laws or regulations could be enacted with which we are not familiar or with which our practices do not comply.