obligations and could also subject us to covenants or other restrictions that would impede our ability to flexibly operate our business.
Risks related to laws and regulations
The actual or perceived failure by us, our customers, partners or
vendors to comply with stringent and evolving privacy, data protection, and information security laws, regulations, standards, policies, and contractual obligations could harm our reputation and business or subject us to significant fines and
liability.
We receive, store, process, generate, use, and share personal information and other customer and user content necessary to provide
our service and ensure it is delivered effectively, to operate our business, for legal and marketing purposes, and for other business-related purposes. There are numerous federal, state, local, and international laws and regulations regarding
privacy, data protection, information security and the collection, storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other content, the scope of which is changing, subject to differing applications
and interpretations and may be inconsistent among countries, or conflict with other rules. We are also subject to the terms of our privacy policies and contractual obligations to third parties related to privacy, data protection, and information
security. We strive to comply with applicable laws, certifications, documentation, publications, regulations, standards, policies and other obligations relating to privacy, data protection, and information security to the extent possible. Although
we endeavor to comply with applicable laws and our policies, publications, certifications, documentation, and other obligations, we may at times fail to do so or may be perceived to have failed to do so. Moreover, despite our efforts, we may not be
successful in achieving compliance if our employees, vendors or business partners do not comply with our policies, certifications, and documentation. Such actual or perceived failures in certain cases have subjected, and can subject, us to potential
international, local, state and federal legal or regulatory action, including in the event that our policies, certifications, and documentation are found or alleged to be inaccurate, incomplete, deceptive, unfair, or misrepresentative of our actual
practices. The regulatory framework for privacy and data protection worldwide is, and is likely to remain, uncertain for the foreseeable future, which we expect will increase our compliance costs and exposure to liability, and it is possible that
these or other actual or alleged obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. Increased usage of our services, novel uses of our
services, and additional awareness of Zoom and our brand stemming from the COVID-19 pandemic could make it more difficult for us to comply with our contractual obligations, our policies, our publications, our
certifications, our documentation, standards, regulations, and applicable laws related to privacy, data protection, and information security, and has and could result in greater public scrutiny of, press related to, or a negative perception of our
privacy, data protection, and information security practices. Any compliance failure, as well as greater public scrutiny of our privacy, data protection, and information security practices, could result in increased governmental and regulatory
scrutiny and litigation exposure, as well as material reputational harm, a loss of customer and user confidence and business, additional expenses, and other harm to our business.
For example, in June 2020 we received a grand jury subpoena from the Department of Justices U.S. Attorneys Office for EDNY, which requested information regarding our interactions with foreign
governments and foreign political parties, including the Chinese government, as well as information regarding storage of and access to user data, the development and implementation of Zooms privacy policies, and the actions we took relating to
the Tiananmen commemorations on Zoom. We have since received additional subpoenas from EDNY seeking related information. In July 2020, we received subpoenas from the Department of Justices U.S. Attorneys Office for the NDCA and the SEC.
Both subpoenas seek documents and information relating to various security, data protection and privacy matters, including our encryption, and our statements relating thereto, as well as calculation of usage metrics and related public statements. In
addition, the NDCA subpoena seeks information
S-35