prevent data from being divulged, stolen or tampered with. Significant capital, managerial and human resources are required to comply with legal requirements, enhance information security and to
address any issues caused by security failures. If we are unable to protect our systems, hence the information stored in our systems, from unauthorized access, use, disclosure, disruption, modification or destruction, such problems or security
breaches could cause loss or give rise to our liabilities to the owners of confidential information, such as our users, customers, distributors and Baidu Union members, subject us to penalties imposed by administrative authorities, and disrupt our
operations. In addition, complying with various laws and regulations could cause us to incur substantial costs or require us to change our business practices, including our data practices, in a manner adverse to our business.
Furthermore, concerns have been expressed from time to time about whether our products, services or processes could compromise
the privacy of users and others. Concerns about our practices with regard to the collection, use, disclosure, or security of personal information or other privacy related matters, and any negative publicity on our information safety or privacy
protection mechanism and policy, even if unfounded, could damage our reputation and brand and adversely affect our business and results of operations.
If we fail to maintain an effective system of internal control over financial reporting, we may lose investor confidence in the
reliability of our financial statements.
We are subject to reporting obligations under the U.S. securities
laws. The SEC, as required by Section 404 of the Sarbanes-Oxley Act of 2002, adopted rules requiring every public company to include a management report on the companys internal control over financial reporting in its annual report, which
contains managements assessment of the effectiveness of our internal control over financial reporting. In addition, an independent registered public accounting firm must attest to and report on the effectiveness of our internal control over
financial reporting. We have been subject to these requirements since the fiscal year ended December 31, 2006.
management has concluded that our internal control over financial reporting was effective as of December 31, 2016. See Item 15. Controls and Procedures. Our independent registered public accounting firm has issued an
attestation report, which has concluded that our internal control over financial reporting was effective in all material aspects as of December 31, 2016. However, if we fail to maintain effective internal control over financial reporting in the
future, our management and our independent registered public accounting firm may not be able to conclude that we have effective internal control over financial reporting at a reasonable assurance level. This could in turn result in loss of investor
confidence in the reliability of our financial statements and negatively impact the trading price of our ADSs. Furthermore, we have incurred and anticipate that we will continue to incur considerable costs, management time and other resources in an
effort to comply with Section 404 and other requirements of the Sarbanes-Oxley Act.
We have limited business insurance
The insurance industry in China is still at a development stage. Insurance companies in China offer
limited business insurance products. We do not have any business liability or disruption insurance coverage for our operations in China. Any business disruption may result in our incurring substantial costs and the diversion of our resources.
We face risks related to health epidemics, severe weather conditions and other outbreaks.
Our business could be adversely affected by the effects of avian influenza, severe acute respiratory syndrome (SARS), the
influenza A virus, Ebola virus, severe weather conditions or other epidemic or outbreak. Health or other government regulations adopted in response to an epidemic, severe weather conditions such as