Privacy Breach Coverage

Why Would I Need It?
Do you accept credit or debit card payments or keep credit card information for future payments?

Do customers book appointments online?

Do customers complete a medical background questionnaire for you?

Do you have social insurance numbers for employees so you can file payroll taxes?

If you keep personal information like this for customers or employees, either in paper or electronic files, do you know what to do if this info is lost or stolen, either accidentally or by thieves or hackers?

It is mandatory to report these breaches to the Privacy Commissioner and the affected people, with fines up to $100,000 per violation if you fail to do so. This applies even if the privacy breach is with a company you have outsourced to, such as to process credit card transactions or payroll.

What Does The Privacy Breach Expense Endorsement Cover?

Remediation Expenses, such as:

• Public relations & crisis management
• Notification to customers or employees
• Computer forensic services (help to figure out how it happened, who has been affected, how to fix it)
• Credit & fraud monitoring for affected customers or employees

Business Interruption resulting from a privacy breach, including:

• Loss of profits
• Extra expenses to reduce the loss of profits

Access to Privacy & Data Security Specialists for services such as:

• Privacy breach response plan to minimize the impact and potential fallout of a breach
• Counselling
• Notification assistance

Legal Expenses to defend you if you are sued due to an insured privacy breach. Payment of judgements or settlements is not covered but is available as optional coverage.

Notable Conditions

• $1,000 deductible applies
• 24 hour waiting period applies for business interruption coverage
• Business interruption coverage is for a period of 60 days from when the breach is discovered or until the business achieves a level of profit it would have been at had the breach not occurred, whichever is shorter.
• Does not cover fines or penalties due to a breach
• Does not pay cyber extortion or ransomware payments
• You must have the following in place for coverage to apply:
  • Updated software including
    • Anti-malware software
    • Anti-ransomware software security software
    • Security patches
    • Smart phone operating system
    • Software updates
  • A hardware firewall
  • A software firewall on each computer
  • Security software, firewall and smart phone operating systems must be kept updated when security patches are available (no later than 30 days after patches or updates become available).
  • Business-critical and sensitive data must be regularly backed up, archived, and tested for business interruption coverage to be available.

Cyber Incident Policies are Available for Broader Protection

Do you rely on computer records, store personal or financial information electronically, do e-commerce, provide online services, or rely on your website to generate revenue? You may want to consider a Cyber Incident policy, which can provide protection for things such as:

• Cyber extorsion ransoms
• Denial of service attacks
• Malware that causes data loss, damage, encryption or damage to computer systems
• Data and privacy breaches
• Resulting business interruption
• Defamation, libel, slander, plagiarism or copyright infringement lawsuits resulting from live or recorded video content, webcasts, podcasts and blogs