It is understood and agreed that coverage afforded by this policy is amended as follows:

A.   Subject always to the Coverage Warranty below, Section I. COVERAGE is amended to include the following:

  1. Breach of Personal Data Legal Liability: The Corporation does hereby agree to pay on behalf of the Insured such loss in excess of the applicable deductible specified in Item 4. of the policy Declarations and within the limit of liability specified below sustained by the Insured by reason of liability imposed by law for damages caused by any negligent act, error or omission of the Insured arising out of the conduct of the business of the Insured in rendering services to others as a general insurance agent, insurance agent, insurance broker, Named Insured, or insurance consultant.

Sublimit of Liability: $1,000,000 each claim and each policy period

  1. Breach of Personal Data Extra Expense Protection: If, during (he policy period, personal data of others is compromised as a result of a breach of the Insured’s network security through hacking, mismanagement, loss, or theft due to your negligent act, error or omission, we will pay up to $15,000 per incident of breach subject to a per-policy period aggregate limit of $50,000 for reasonable and necessary expenses incurred by an Insured as a result of any breach in connection with the Named Insured’s insurance services. The extra expense must be incurred by the Insured.
  1. to consult with legal counsel on how best to respond to the breach of personal data;
  2. to consult with Information Technologies to determine the nature and extent of the breach of personal data; or
  3. to assist in notification of the individuals who have been affected by the breach of personal data.

A $1,000 deductible applies to each incident of breach reported under this paragraph A. 2.

Coverage Warranty
Coverage afforded by this endorsement shall not apply unless the Insured has implemented current and commonly accepted technologies and methodologies designed to secure personal data and appropriate to the size and structure of the insurance agency and indecipherable to unauthorized individuals and which are in place at the time of the breach; provided, however, that any such technologies and methodologies must comply with privacy regulations found within the Personal Information Protection and Electronic Documents Act (PIPEDA) or any other federal, provincial or local law or regulation, governing any industry in which the Insured is rendering its services.

B.  Section V. DEFINITIONS is amended to add the following definition:

BREACH. The term breach means any misappropriation or unauthorized access, use, disclosure, modification, publication, theft, disappearance, or destruction of personal data within the care, custody or control of any Insured. Breach does not include any misappropriation or unauthorized access, use, disclosure, modification, publication, theft, disappearance, or destruction of personal data within the care, custody or control of a third party to whom any Insured has intentionally provided the personal data.


PERSONAL DATA.

The term personal data means all information, whether written or electronic:

  1. all information, whether written or electronic, which, when used alone or when combined with other personal or identifying information, relates to an individual and allows that individual to be identified; or;
  1. all information concerning an individual, whether written or electronic, that would be considered protected personal information or health information as defined within any applicable federal, provincial, local government or foreign legislation pertaining to identity theft or privacy protection.
  2. For the purposes of this endorsement only, Section VI. EXCLUSIONS is amended to add the following

C. For the purposes of this endorsement only, Section VI. EXCLUSIONS is amended to add the following exclusions:

  1. any breach of personal data resulting from any act committed by an individual or individuals acting in an effort to coerce civilian populations or to influence the policy or affect the conduct of any federal, provincial or local government;
  2. any breach of personal data resulting from any failure of the Insured to implement current and commonly accepted technologies and methodologies designed to secure personal data and appropriate to the size and structure of the agency; or
  3. any breach of personal data resulting from any failure of the Insured to comply with any applicable privacy regulations found in the personal information Protection and Electronic Documents Act (PIPEDA) or any other federal or provincial law or regulation, governing any industry in which the Insured is rendering its services.

 

All other terms and conditions of this policy shall remain unchanged.