Skip to content

Section II – 3rd Party Insuring Agreements

A. Privacy & Cyber Security Liability

We will pay on behalf of any Insured all Damages and Claim Expenses, which the Insured is legally obligated to pay for a Claim first made against the Insured during the Policy Period or Extended Reporting Periods (if applicable) for:

  1. a Cyber Security Incident, including the failure to timely disclose or provide notification of a Cyber Security Incident;
  2. a Privacy Breach Incident, including the failure to timely disclose or provide notification of a Privacy Breach Incident; or
  3. failure to comply with those portions of the Insured Organization's Privacy Policy which governs the loss, disclosure, sharing, selling of, or access to Protected Personal Information, provided the Insured Organization has a Privacy Policy in place at the time of the alleged failure and that the Privacy Policy addresses the conduct at issue in the Claim,

which takes place on or after the Retroactive Date and before the end of the Policy Period.

B. Digital Media Liability

We will pay on behalf of any Insured all Damages and Claim Expenses, which the Insured is legally obligated to pay for a Claim first made against the Insured during the Policy Period or Extended Reporting Periods (if applicable) for a Digital Media Wrongful Act which takes place on or after the Retroactive Date and before the end of the Policy Period.

C. Regulatory Liability

We will pay on behalf of any Insured all Regulatory Damages and Claim Expenses, which the Insured is legally obligated to pay for a Regulatory Claim first made against the Insured during the Policy Period or Extended Reporting Periods (if applicable) for a Cyber Security Incident or Privacy Breach Incident which takes place on or after the Retroactive Date and before the end of the Policy Period.

D. PCI Liability

We will pay on behalf of any Insured all PCI Damages and Claim Expenses, which the Insured is legally obligated to pay for a PCI Claim first made against the Insured during the Policy Period or Extended Reporting Periods (if applicable) for a Privacy Breach Incident which takes place on or after the Retroactive Date and before the end of the Policy Period.