Risk Factors Dashboard

We recognize the importance of identifying, assessing and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.

Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a multi-faceted approach including third party assessments, internal IT controls, governance, risk and compliance reviews.

The Company’s failure to protect personal information adequately and breaches in cyber security and data protection could have an adverse effect on its business.

A wide variety of provincial, state, national, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data. These data protection and privacy-related laws and regulations are evolving and being tested in courts and may result in ever-increasing regulatory and public scrutiny as well as escalating levels of enforcement and sanctions. Any actual or perceived loss, improper retention or misuse of certain information or alleged violations of laws and regulations relating to privacy, data protection and data security, and any relevant claims, could result in enforcement action against the Company, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to the Company’s reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have an adverse effect on the Company’s operations, financial performance, and business. Evolving and changing definitions of personal data and personal information, within the European Union, the United States, and elsewhere, especially relating to classification of IP addresses, machine identification, location data, and other information, may limit or inhibit the Company’s ability to operate or expand its business, including limiting strategic partnerships that may involve the sharing of data. Any perception of privacy or security concerns or an inability to comply with applicable laws, regulations, policies, industry standards, contractual obligations or other legal obligations, even if unfounded, may result in additional cost and liability to the Company, harm its reputation and inhibit adoption of its products by current and future customers, and adversely affect the Company’s business, financial condition, and operating results.

The Company has implemented and maintained security measures intended to protect personally identifiable information. However, the Company’s security measures remain vulnerable to various threats posed by hackers and criminals. If the Company’s security measures are overcome and any personally identifiable information that the Company collect or store becomes subject to unauthorized access, it may be required to comply with costly and burdensome breach notification obligations. The Company may also be subject to investigations, enforcement actions and private lawsuits. In addition, any data security incident is likely to generate negative publicity and have a negative effect on the Company’s business.

We believe we maintain an information technology and cybersecurity program appropriate for a company our size, taking into account our operations and risks. We are committed to cybersecurity and vigilantly protecting all our resources and information from unauthorized access. Our cybersecurity approach incorporates external resources to manage and monitor the evolving threat landscape, effective board oversight of cybersecurity risks and knowledgeable teams responsible for preventing and detecting cybersecurity risks.