Here’s a fresh list of provisions to carefully evaluate and watch for when considering first-party and third-party liability privacy and security coverage options.
1. Exclusions for failure to maintain a specified level of security standard, e.g. PCI compliant.
2. Exclusions for a programming error.
3. Exclusions for failure to update software and/or implement patches.
4. No coverage for physical theft or loss of paper files, back-up disks, laptops etc. containing personally identifiable information.
5. No coverage for privacy notification or crisis management expenses following a covered security breach if there is no legal requirement to notify.
6. Exclusions for employee failure to periodically update passwords.
7. Exclusions for data that is not encrypted.