Privacy/network security coverage is relatively new and unlike many other coverages the offerings vary significantly by insurer. The typical policy offers coverage for both first party and third party losses. First party coverage is where the insurer covers the insured for its own loss. Think of it as property coverage. Third party coverage applies to your obligations to others. This is more like general liability or professional liability insurance.
Common coverage parts include:
Third Party Coverage Information Security & Privacy Liability
Coverage is provided for:
- Claims arising out of the theft, loss or unauthorized disclosure of personally identifiable non-public information (PII) that is in the care custody or control of the insured.
- Alternation, corruption, destruction, deletion or damage to a data asset.
- The failure to prevent transmission of malicious code from computer systems to third party computer systems.
- Participation in a denial of service attack directed against a third party computer system.
- Failure to timely disclose an incident in violation of any breach notice law.
- specifically prohibits or restricts the insured’s disclosure, selling or sharing of Personally Indefinable Information (PII).
- Mandates procedures to prevent the loss of PII
Website Media Content Liability
Coverage is provided for:
- Defamation, libel, slander, outrageous conduct, or other tort related to disparagement or harm to the reputation of any person or organization
- Violation of the rights of privacy of an individual
- Invasion or interference with an individual’s right of publicity
- Plagiarism, piracy, misappropriation of ideas under implied contract
- Infringement of copyright; domain name, trademark, trade name, trade dress, logo, title, etc.
- Improper deep-linking or framing within electronic content
First Party Coverages
Privacy Breach Response
- Coverage is provided for:
- Costs to hire a computer security expert to verify the existence or cause of the breach
- To provide notification to:
In the discretion of Underwriters, notice to those where it is reasonably believed that information has been wrongly disclosed.
- Mailing and other reasonable expenses associated with such a program.
- Credit Monitoring Services
- Call Center
Regulatory Defense and Penalties
Coverage is provided for claims in the form of Regulatory Proceeding resulting from violation of Privacy Law. Privacy Law includes federal, state or foreign statutes or regulations requiring the Insured Organization to protect the confidentiality or security of Personally Identifiable Non-Public Information.
Data Breach Coach
Many insurers offer the services of a “data breach coach” (coach). The coach would be your first point of contact in the event of a data related issue. The coach will determine what needs to be done and who needs to be engaged. In other words is a forensics team required? Is legal assistance needed etc?
PDI is an Indianapolis-based wholesale brokerage firm with a national network that includes thousands of insurance agents, brokers, architects, engineers and contractors in all 50 states. Since PDI’s beginning in 1980, we’ve handled a single line of coverage: errors & omissions (E&O) for design professionals.