DFIN 2017 Annual Report

Increasing regulatory focus on privacy issues and expanding laws could impact our software products and expose us to increased liability. Privacy and data security laws apply to our various businesses in all jurisdictions in which we operate. In particular, clients use our software services, including Venue datarooms, to share personal data and information on a confidential basis, and such sharing may be subject to privacy and data security laws. Our global business operates in countries that have more stringent data protection laws than those in the United States. These data protection laws may be inconsistent across jurisdictions and are subject to evolving and differing interpretations. New laws, such as the General Data Protection Regulation (“GDPR”) expected to go into effect in May 2018 in Europe, and industry self-regulatory codes have been or are being enacted to protect personal data. Complying with these regulations has been, and will continue to be, costly, and there are or will be significant penalties for failure to comply with these regulations, including significant penalties for failing to comply with GDPR. Further, any perception of our practices, products or services as a violation of individual privacy rights may subject us to public criticism, class action lawsuits, reputational harm, or investigations or claims by regulators, industry groups or other third parties, all of which could disrupt our business and expose us to liability. Transferring personal data and information across international borders is becoming increasingly complex. For example, Europe has stringent regulations regarding transfer of personal data and information. The mechanisms that we and many other companies rely upon for data transfers from Europe to the United States (e.g., Privacy Shield and Model Clauses) are being contested in the European court systems. We are closely monitoring developments related to requirements for transferring personal data and information. These requirements may result in an increase in the obligations required to provide our services in the EU or in sanctions and fines for non-compliance. Several other countries, including Australia and Japan, have also established specific legal requirements for cross-border transfers of personal information. These developments in Europe and elsewhere could harm our business, financial condition and results of operations. Adverse credit market conditions may limit our ability to obtain future financing. We may, from time to time, depend on access to credit markets. Uncertainty and volatility in global financial markets may cause financial markets institutions to fail or may cause lenders to hoard capital and reduce lending. As a result, we may not obtain financing on terms and conditions that are favorable to us, or at all. Fluctuations in the costs and availability of paper, ink, energy and other raw materials may adversely impact us. Increases in the costs of these inputs may increase our costs and we may not be able to pass these costs on to clients through higher prices. Moreover, rising raw materials’ costs, and any consequent impact on our pricing, could lead to a decrease in demand for our products and services. If we are unable to protect our proprietary technology and other rights, the value of our business and our competitive position may be impaired. If we are unable to protect our intellectual property, our competitors could use our intellectual property to market products and services similar to ours, which could decrease demand for our services. We rely on a combination of patents, trademarks, licensing and other proprietary rights laws, as well as third party nondisclosure agreements and other contractual provisions and technical measures, to protect our intellectual property rights. These protections may not be adequate to prevent our competitors from copying or reverse-engineering our technology and services to create similar offerings. Additionally, any of our pending or future patent applications may not be issued with the scope of protection we seek, if at all. The scope of patent protection, if any, we may obtain from our patent applications is difficult to predict and our patents may be found invalid, unenforceable or of insufficient scope to prevent competitors from offering similar services. Our competitors may independently develop technologies that are substantially equivalent or superior to our technology. To protect our proprietary information, we require employees, consultants, advisors, independent contractors and collaborators to enter into confidentiality agreements and maintain policies and procedures to limit access to our trade secrets and proprietary information. These agreements and the other actions we take may not provide meaningful protection for our proprietary information or know-how from unauthorized use, misappropriation or disclosure. Further, existing patent laws may not provide adequate or meaningful protection in the event competitors independently develop technology, products or services similar to ours. Even if the laws governing intellectual property rights provide protection, we may have insufficient resources to take the legal actions necessary to protect our interests. In addition, our intellectual property rights and interests may not be afforded the same protection under the laws of foreign countries as they are under the laws of the United States. 17