undertaking from a financial, management, and personnel perspective. The implementation of the ERP system may prove to be more difficult, costly, or time consuming than expected, and it is possible that the system will not yield the benefits anticipated. Any disruptions, delays or deficiencies in the design and implementation of our new ERP system could adversely affect our ability to produce timely and accurate financial statements or comply with applicable regulations, resulting in negative impacts on our business and operations and subject us to potential liability. Additionally, our implementation of the ERP system involves greater utilization of third-party “cloud” computing services in connection with our business operations. Problems faced by us or our third-party providers, including technological or business-related disruptions, as well as cybersecurity threats, could adversely impact our business, results of operations and financial condition for future periods.
A cybersecurity incident could negatively impact our business and our relationships with customers, vendors and employees and expose us to increased liability.
Substantially all aspects of our business operations rely on digital technology. We use computers, mobile devices, social networking and other online platforms to connect with our employees and our customers. These uses give rise to cybersecurity risks, including security breach, espionage, system disruption, theft and inadvertent release of information. Our business involves the storage and transmission of numerous classes of sensitive and/or confidential information and intellectual property, including customers’ personal information, private information about employees, and financial and strategic information about the Company and its business partners. We also rely on a Payment Card Industry compliant third party to protect our customers’ credit card information.
We are regularly the target of attempted cyber intrusions, and we must commit substantial resources to continuously monitor and further develop our networks and infrastructure to prevent, detect, and address the risk of unauthorized access, misuse, computer viruses and other events. Our security programs and measures do not prevent all intrusions. Cyber intrusions require a significant amount of time and effort to assess and remedy, and our incident response efforts may not be effective in all cases. The theft, destruction, loss, misappropriation, or release of sensitive and/or confidential information or intellectual property, or interference with our information technology systems or the technology systems of third parties on which we rely, could result in business disruption, direct financial loss, negative publicity, brand damage, alleged violation of privacy laws, loss of customers, potential regulatory enforcement or private litigation liability and competitive disadvantage. While we do maintain insurance for cyber incidents, due to policy terms, limits and exclusions, it may not apply in all cases, and it may not be adequate to cover all liabilities incurred.
Further, as the Company pursues its strategy to grow through acquisitions, including our recent acquisition of Advanced Disposal, and to pursue new initiatives that improve our operations and cost structure, the Company is also expanding and improving its information technologies, resulting in a larger technological presence and corresponding exposure to cybersecurity risk. Certain new technologies, such as use of autonomous vehicles, remote-controlled equipment and virtual reality, present new and significant cybersecurity safety risks that must be analyzed and addressed before implementation. If we fail to assess and identify cybersecurity risks associated with acquisitions and new initiatives, we may become increasingly vulnerable to such risks.
Increasing regulatory focus on privacy and data protection issues and expanding laws could negatively impact our business, subject us to criticism and expose us to increased liability.
The legislative and regulatory framework for privacy and data protection issues worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. We collect certain personally identifiable information and other sensitive information as integral parts of our business and in connection with providing services to our customers. We are subject to a variety of laws and regulations that govern the collection and use of such information obtained from individuals and businesses. These laws and regulations are inconsistent across jurisdictions and are subject to evolving interpretations. Government officials, regulators, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data. We must continually monitor the development and adoption of new and emerging laws and regulations, such as the California Consumer Privacy Act (“CCPA”) that took effect on January 1, 2020. The CCPA, among other things, contains disclosure obligations for businesses that collect personal information about California residents and affords those individuals new rights relating to their personal information that can expand the scope of our potential liability. We must commit substantial time and resources toward compliance with