Do you accept credit or debit card payments? Do you keep credit card information for future payments?
Do customers complete a medical background questionnaire for you?
Do you have social insurance numbers for employees so you can file payroll taxes?
If you keep personal information like this for customers or employees, either in paper or electronic files, do you know what to do if this info is lost or stolen, either accidentally or by thieves or hackers?
Soon it will be mandatory to report these breaches to the Privacy Commissioner and the affected people, with fines up to $100,000 per violation if you fail to do so. This applies even if the privacy breach is with a company you have outsourced to, such as to process credit card transactions or payroll.
What Does The Privacy Breach Expense Endorsement Cover?
$25,000 for Remediation Expenses, such as:
- Public relations & crisis management
- Notification to customers or employees
- Computer forensic services (help to figure out how it happened, who has been affected, how to fix it)
- Credit & fraud monitoring for affected customers or employees
$25,000 for Business Interruption resulting from a privacy breach, including:
- Loss of profits
- Extra expenses to reduce the loss of profits
Access to Privacy & Data Security Specialists for services such as
- Privacy breach response plan to minimize the impact and potential fallout of a breach
- Notification assistance
- $1,000 deductible applies
- 48 hour waiting period applies for business interruption coverage
- Business interruption coverage is for a period of 30 days from when the breach is discovered or until the business achieves a level of profit it would have been at had the breach not occurred, whichever is shorter.
- Does not cover liability to other parties for a privacy breach (ie. if a customer sues you because of the breach)
- Does not cover fines or penalties due to a breach
- Does not pay cyber extortion ransoms
- You must have security software, such as anti-malware, on each computer AND a firewall (software firewall on each computer plus a hardware firewall). Security software and firewall must be kept updated when security patches are available.
- Business-critical and sensitive data must be regularly backed up, archived and tested for business interruption coverage to be available.
This highlights some of the coverages available with the Privacy Breach Expense Endorsement. Refer to policy wordings for complete information on coverages, limitations and exclusions.