Get Started for Free Contexxia identifies hard-to-find pieces of information in SEC filings. No more highlighters, no more redlining, no more poring over huge documents. SYMANTEC CORP (849399) 10-K published on May 24, 2019 at 4:10 pm
Reporting Period: Mar 28, 2019
We have incurred, and will continue to incur, significant expenses related to legal and other professional services in connection with the ongoing SEC investigation, which may continue to adversely affect our business and financial condition. In addition, securities class actions and other lawsuits have been filed against us, our directors, and officers (see also, “We are subject to pending securities class action and stockholder derivative legal proceedings . . .” below). The outcome of the securities class actions and other litigation and regulatory proceedings or government enforcement actions is difficult to predict, and the cost to defend, settle, or otherwise resolve these matters may be significant. Plaintiffs or regulatory agencies or authorities in these matters may seek recovery of very large or indeterminate amounts or seek to impose sanctions, including significant monetary penalties. The monetary and other impact of these litigations, proceedings, or actions may remain unknown for substantial periods of time. Further, an unfavorable resolution of litigations, proceedings or actions could have a material adverse effect on our business, financial condition, and results of operations and cash flows. Any future investigations or additional lawsuits may also adversely affect our business, financial condition, results of operations, and cash flows.
Data protection legislation is also becoming increasingly common in the U.S. at both the federal and state level. For example, in June 2018, the State of California enacted the California Consumer Privacy Act of 2018 (the CCPA), which will come into effect on January 1, 2020. The CCPA requires companies that process information on California residents to make new disclosures to consumers about their data collection, use, and sharing practices, allows consumers to opt out of certain data sharing with third parties, and provides a new cause of action for data breaches. However, California legislators have stated that they intend to propose amendments to the CCPA, and it remains unclear what, if any, modifications will be made to the CCPA or how it will be interpreted. Additionally, the Federal Trade Commission (the FTC) and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. The burdens imposed by the CCPA and other similar laws that may be enacted at the federal and state level may require us to modify our data processing practices and policies and to incur substantial expenditures in order to comply.
Global privacy and data protection legislation, enforcement, and policy activity are rapidly expanding and evolving, and may be inconsistent from jurisdiction to jurisdiction. We may be or become subject to data localization laws mandating that data collected in a foreign country be processed and stored only within that country. If any country in which we have customers were to adopt a data localization law, we could be required to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition.
For example, the United Kingdom’s (U.K.) planned exit from the European Union (EU) (Brexit) has caused and may continue to cause significant volatility in global financial markets and will likely have an adverse impact on labor and trade in addition to creating further short-term uncertainty and currency volatility. In the absence of a future trade deal, the U.K.’s trade with the European Union and the rest of the world would be subject to tariffs and duties set by the World Trade Organization. Any adjustments we make to our business and operations as a result of Brexit could result in significant time and expense to complete. While we have not experienced any material financial impact from Brexit on our business to date, we cannot predict its future implications. Any impact from Brexit on our business and operations over the long term will depend, in part, on the outcome of tariff, tax treaties, trade, regulatory, and other negotiations the U.K. conducts.
ARPU is calculated as estimated direct customer revenues for the period divided by the average direct customer count for the same period, expressed as a monthly figure. We estimate direct customer net revenues to be $2.2 billion on a GAAP basis and $2.1 billion on a non-GAAP basis in fiscal year 2019 and 2018, respectively. Non-GAAP fiscal 2018 estimated direct customer revenues used in the calculation of ARPU is adjusted only to exclude a reduction in revenue of $60 million related to purchase accounting adjustments related to the February 2017 acquisition of LifeLock. ARPU for fiscal 2018 would have been $7.99 without this adjustment. We believe the adjustment is useful to investors to reflect ARPU trends in our business by improving the comparability of ARPU between periods. Fiscal 2019 did not include any adjustments to estimated direct customer revenue as the purchase accounting adjustments were fully amortized prior to that period. Non-GAAP estimated direct customer revenues and ARPU have limitations as analytical tools and should not be considered in isolation or as a substitute for GAAP estimated direct customer revenues or other GAAP measures. We monitor APRU because it helps us understand the rate at which we are monetizing our consumer customer base.
Securities class action lawsuits, which have since been consolidated, were filed in May 2018 against us and certain of our current and former officers, in the U.S. District Court for the Northern District of California. The lead plaintiff’s consolidated amended complaint alleges that, during a purported class period of May 11, 2017 to August 2, 2018, defendants made false and misleading statements in violation of Sections 10(b) and 20(a), and that certain individuals violated Section 20A, of the Securities Exchange Act. Defendants filed motions to dismiss, which are currently pending. Purported shareholder derivative lawsuits have been filed against Symantec and certain of our officers and directors in the U.S. District Court for the District of Delaware, Delaware Chancery Court, and Delaware Superior Court, arising generally out of the same facts and circumstances as alleged in the securities class action and alleging claims for breach of fiduciary duty and related claims; these lawsuits include an action brought derivatively on behalf of Symantec’s 2008 Employee Stock Purchase Plan. The derivative actions are currently voluntarily stayed in light of the securities class action. No specific amount of damages has been alleged in these lawsuits. We have also received demands from purported stockholders to inspect corporate books and records under Delaware law. We will continue to incur legal fees in connection with these pending cases and demands, including expenses for the reimbursement of legal fees of present and former officers and directors under indemnification obligations. The expense of continuing to defend such litigation may be significant. We intend to defend these lawsuits vigorously, but there can be no assurance that we will be successful in any defense. If any of the lawsuits are decided adversely, we may be liable for significant damages directly or under our indemnification obligations, which could adversely affect our business, results of operations, and cash flows. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible as a result of these lawsuits or estimate the range of any potential loss.