data specifically. These various privacy and security laws may impact our business activities, including our identification of research subjects, relationships with business partners and ultimately the marketing and distribution of our products. State laws are changing rapidly and there is discussion in the U.S. Congress of a new comprehensive federal data privacy law to which we may likely become subject, if enacted.
All of these evolving compliance and operational requirements impose significant costs, such as costs related to organizational changes, implementing additional protection technologies, training employees and engaging consultants and legal advisors, which are likely to increase over time. Further, various other jurisdictions around the world continue to propose new and/or amended laws that regulate the privacy and/or security of certain types of personal data. Complying with these laws, if enacted, would require significant resources and leave us vulnerable to possible fines and penalties if we are unable to comply. The regulatory framework governing the collection, processing, storage, use and sharing of certain information is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our services and platform capabilities. Compliance with the above and any other applicable privacy and data security laws and regulations is a rigorous and time-intensive process, and we may be required to put in place additional mechanisms ensuring compliance with the new data protection rules, modify our data processing practices and policies, utilize management’s time and/or divert resources from other initiatives and projects. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our posted privacy policies, evolving laws, rules and regulations, industry standards, or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time and other resources or the incurrence of significant fines, penalties or other liabilities. In addition, any such action, particularly to the extent we were found to be guilty of violations or otherwise liable for damages, would damage our reputation and adversely affect our business, financial condition and results of operations.
If our security measures or those of our contractors, consultants or other service providers are breached or unauthorized access to confidential and/or proprietary information or other sensitive information, including individually identifiable health information or other personally identifiable information, is otherwise obtained, our reputation may be harmed, and we may incur significant liabilities.
We and the third parties upon which we rely face a variety of evolving threats, which could cause cybersecurity incidents or data breaches, which, could result in unauthorized access to systems and data, loss of data, and compromise, misuse, or corruption of such data and information. The systems of any CMOs that we may engage now or in the future, and present and future CROs, contractors, consultants and other service providers also could experience breaches or cybersecurity incidents leading to the exposure of confidential and sensitive information. Despite the implementation of security measures, our internal computer systems and information technology systems and infrastructure and those of our third party CROs, vendors, and other contractors and consultants upon which our business relies are vulnerable to breakdown or damage or interruption from, among other things, natural disasters, terrorism, war, telecommunication and electrical failures, and sophisticated cyber attacks, including the theft, fraud, and subsequent misuse of employee credentials, wrongful conduct by insider employees or vendors, denial-of-service attacks, ransomware attacks, business email compromises, computer malware, malicious codes, viruses, breakdown, wrongful intrusions, data breaches, and social engineering (including phishing attacks). Such threats are prevalent and continue to rise, are increasingly difficult to detect, and come from a variety of sources. Because the techniques used by computer programmers who may attempt to penetrate and sabotage our information technology systems and infrastructure, network security or our website change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques or to adequately prevent or address them.
It is also possible that unauthorized access to our confidential and/or proprietary information or other sensitive information, including customer or employee information, may be obtained through inadequate use of security controls by customers, suppliers or other vendors. We rely on such third parties to implement effective security measures and identify and correct for any failures, deficiencies, compromises or breaches.
In the event of a cybersecurity incident or data breach, our company could be required to provide legal notifications and disclosures, and could suffer loss of business, severe reputational damage adversely affecting investor confidence, regulatory inquiries, investigations and orders, litigation, indemnity obligations, damages for contract breach, penalties and fines for violation of applicable laws or regulations, significant costs for remediation and other liabilities. For example, the loss of preclinical study or clinical trial data from completed or future preclinical studies or clinical trials could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data. To the extent that any disruption or security compromise or breach were to result in a loss or misappropriation of, or damage to, our data, systems, or applications, or inappropriate disclosure of confidential or proprietary information or other sensitive information, we could incur liability and the further development and commercialization of our product candidates could be delayed.
We have incurred and expect to incur significant expenses to prevent cybersecurity incidents and data breaches, including costs related to deploying additional personnel and protection technologies, training employees, and engaging third-party solution providers and consultants. Although we expend significant resources to create security protections that are designed to shield our confidential