Madison Technologies Inc. 10-K Cybersecurity GRC - 2024-01-25

Page last updated on August 24, 2025

Madison Technologies Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-01-25 16:44:20 EST.

Filings

10-K filed on 2024-01-25

Madison Technologies Inc. filed a 10-K at 2024-01-25 16:44:20 EST
Accession Number: 0001753926-24-000160

Item 1C. Cybersecurity.

Not applicable.

Item 1A. Risk Factors.

We may be subject to governmental regulation and other legal obligations, particularly related to privacy, data protection and information security, and our actual or perceived failure to comply with such obligations could harm our business.

We may be subject to a number of domestic and international laws and regulations that apply to cloud services and the internet generally. These laws, rules and regulations address a range of issues, including data privacy and cyber security, breach notification and restrictions or technological requirements regarding the collection, processing, use, storage, protection, disclosure, retention or transfer of data. The regulatory framework for online services, data privacy and cyber security issues worldwide can vary substantially from jurisdiction to jurisdiction, is rapidly evolving and is likely to remain uncertain for the foreseeable future. Many federal, state, local and foreign government bodies and agencies have adopted or are considering adopting laws, rules and regulations regarding the collection, processing, use, storage and disclosure of information, web browsing and geolocation data collection, data analytics, facial recognition, cyber security and breach response and notification procedures. Furthermore, existing laws and regulations are constantly evolving, and new laws and regulations that apply to our business are being introduced at every level of government in the United States, as well as internationally. As we seek to develop our business, we are, and may increasingly become subject to various laws, regulations, and standards, and may be subject to contractual obligations relating to data privacy and security in the jurisdictions in which we operate. Any significant change to applicable laws, regulations or industry practices regarding the use or disclosure of personal information, or regarding the manner in which the express or implied consent of customers for the use and disclosure of personal information is obtained, could require us to modify our products and features, possibly in a material manner and subject to increased compliance costs, which may limit our ability to develop new products and features that make use of the personal information that our customers may voluntarily share. Any failure, or perceived failure, by us to comply with any federal or state privacy or security laws, regulations, industry self-regulatory principles, or codes of conduct, regulatory guidance, orders to which we may be subject, or other legal obligations relating to data privacy or security could adversely affect our reputation, brand and business, and may result in claims, liabilities, proceedings or actions against us by governmental entities, customers or others. Any such claims, proceedings or actions could hurt our reputation, brand and business, force us to incur significant expenses in defense of such proceedings or actions, distract our management, increase our costs of doing business, result in a loss of customers and result in the imposition of monetary penalties.

In the United States, there are numerous federal and state data privacy and security laws, rules, and regulations governing the collection, use, disclosure, retention, security, transfer, storage, and other processing of personal data, including federal and state data privacy laws, data breach notification laws, and consumer protection laws. For example, the Federal Trade Commission (“FTC”) and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. Such standards require us to publish statements that describe how we handle personal data and choices individuals may have about the way we handle their personal data. If such information that we publish is considered untrue or inaccurate, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Moreover, according to the FTC, violating consumers’ privacy rights or failing to take appropriate steps to keep consumers’ personal data secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act. State consumer protection laws provide similar causes of action for unfair or deceptive practices.

In March 2021, the Governor of Virginia signed into law the Virginia Consumer Data Protection Act (the “VCDPA”). The VCDPA creates consumer rights, similar to the CCPA, but also imposes security and assessment requirements for businesses. In addition, in July 2021, Colorado enacted the Colorado Privacy Act (“COCPA”), becoming the third comprehensive consumer privacy law to be passed in the United States (after the CCPA and VCDPA). The COCPA closely resembles the VCDPA, and both will be enforced by the respective states’ Attorney General and district attorneys, although the two differ in many ways. We must comply with each if our operations fall within the scope of these newly enacted comprehensive mandates, which may increase our compliance costs and potential liability. Similar laws have been proposed in other states and at the federal level, reflecting a trend toward more stringent privacy legislation in the United States. This legislation may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment in resources to compliance programs, could impact strategies and availability of previously useful data, and could result in increased compliance costs and/or changes in business practices and policies.

In addition, some laws may require us to notify governmental authorities and/or affected individuals of data breaches involving certain personal information or other unauthorized or inadvertent access to or disclosure of such information. We may need to notify governmental authorities and affected individuals with respect to such incidents. For example, laws in all 50 U.S. states may require businesses to provide notice to consumers whose personal information has been disclosed as a result of a data breach. These laws are not consistent, and compliance in the event of a widespread data breach may be difficult and costly. We also may be contractually required to notify consumers or other counterparties of a security breach. Regardless of our contractual protections, any actual or perceived security breach or breach of our contractual obligations could harm our reputation and brand, expose us to potential liability or require us to expend significant resources on data security and in responding to any such actual or perceived breach.

We strive to comply with all applicable laws, policies, legal obligations and industry codes of conduct relating to privacy and data protection to the extent possible. Because the interpretation and application of privacy and data protection laws are still uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another or with our existing practices or the features of our products and may conflict with other rules or regulations, making enforcement, and thus compliance requirements, ambiguous, uncertain, and potentially inconsistent. Any failure or perceived failure by us to comply with our privacy policies, privacy-related obligations to customers or other third parties, or our privacy-related legal obligations, or any compromise of security that results in the unauthorized access to or unintended release of personally identifiable information or other customer data, may result in governmental enforcement actions, litigation, or public statements against us by consumer advocacy groups or others. Any of these events could cause us to incur significant costs in investigating and defending such claims and, if found liable, pay significant damages. Further, these proceedings and any subsequent adverse outcomes may cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.

We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom it relies in relation to various products or services, including but not limited to vendors and business partners. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products, which could have an adverse effect on our business. Any inability to adequately address privacy and/or data concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

The costs of compliance with, and other burdens imposed by, the laws, rules, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our products or services. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products or services by current and future customers, or adversely impact our ability to attract and retain workforce talent. Our failure to comply with applicable laws and regulations, or to protect such data, could result in enforcement action against us, including fines, imprisonment of our employees or directors and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business.

Company Information