Cyber Suite Spotlight: Data Compromise Response Expenses & Liability Coverages June 1, 2020 Share All organizations that maintain data on employees, members, students and others have a responsibility to safeguard it well. Data breaches can cause insureds, and any affected third parties, significant financial and legal stress. We understand the risks that come with maintaining sensitive personal information, which is why we’ve designed our Data Compromise Response and Data Compromise Liability Coverages to work together to better protect our customers and other affected parties in the event of a data breach. Here’s how they work: Data Compromise Response Expenses This coverage is triggered when data containing some type of personal identifying information, such as social security number, credit card information or driver’s license number, is lost, stolen or released. Coverage is designed to help the insured formally respond to their obligations, including: Forensic IT review Legal review Notification expenses Services for affected individuals (credit report and monitoring, identity restoration case management, toll free help line, etc.) Regulatory fines and penalties, which covers Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry (PCI) fines and penalties for non-compliance with data security standards Public relations Example: Three external back-up hard drives with private personal records were stolen from a locked office. The insured consulted with an attorney specializing in data breaches, and as a result, affected individuals received notifications advising them to place a fraud alert with credit bureaus and to monitor their credit reports and other financial statements. Data Compromise Response Expenses helped pay for the costs of retaining an attorney, notifying the affected individuals and monitoring their financials. Data Compromise Liability This third-party coverage deals with litigation, and is triggered after a covered loss under Data Compromise Response Expenses. As long as the insured fulfilled their obligations and responded properly following the data breach, Data Compromise Liability will be activated to provide defense and settlement costs when an affected third party, such as customers, regulators or banks, bring a suit related to a breach of personal information. Example: A hacker gained access to a nonprofit’s donor records. The insured sent breach notifications as required by law, satisfying their response to data compromise, but then a third party brought a suit against the insured alleging damages were caused by the data breach. Data Compromise Liability helped pay for the defense and settlement fees. With the following advantages that Cyber Suite provides in Data Compromise Response & Liability, insureds don’t need to worry about the magnitude of a potential data breach. They will be taken care of in the event they experience a small data breach involving a handful of individuals or a large-scale attack. Limit options ranging from $50,000 to $1 million No self-insured retention No cap on the number of individuals notified in the event of a data breach 30 day extended reporting period included for no additional premium For more information about Data Compromise Response & Liability coverages, contact your GuideOne Sales Director or Marketing Representative, or visit the Cyber Suite Resources page of GuideLink. Filed under Religious Organizations Education Nonprofit Small Business Tags Cyber Security © 2024 GuideOne Insurance. GuideOne® is the registered trademark of the GuideOne Insurance Company. All rights reserved. This material is for informational purposes only. It is not intended to give specific legal or risk management advice, nor are any suggested checklists or action plans intended to include or address all possible risk management exposures or solutions. You are encouraged to retain your own expert consultants and legal advisors in order to develop a risk management plan specific to your own activities.