The Hartford has introduced data privacy coverage for software developers and technology firms to cover data breaches.
The Hartford Financial Services Group has added First Party Data Privacy Expense coverage, along with Cyber Extortion Expense coverage, to its FailSafe suite of technology liability coverage.
The Hartford officials said that although large-scale data security breaches get the attention, a breach of any size can be costly for software developers, hardware firms and other technology companies that have non-public personal information in their control. Data breach laws in many states require notification and credit monitoring services for those affected, the costs for which are incurred by the company responsible for the breach. With the average per-record cost of a data breach at $202, according to a 2008 Ponemon Institute study, the cost of a breach involving just 500 records could exceed $100,000, the company said.
The Hartford's Data Privacy Expense coverage pays for actual expenses incurred as a result of a policyholder's negligent acts, errors or omissions that result in the improper dissemination of non-public personal information, or a breach or violation of data privacy laws, the company said.
"Many technology companies are at risk for improper dissemination of non-public personal information or violation of data privacy laws," said David Selembo, assistant vice president of professional liability, underwriting and operations for The Hartford's Technology Practice Group, which provides insurance coverage tailored to the risks of technology firms. "This endorsement is designed to address direct costs that would not be covered by third-party technology professional liability coverage."
Specific components of the Hartford's coverage may include:
"1. Notification expenses incurred to comply with notification laws.2. Crisis management expenses incurred for fees and costs associated with hiring a crisis management firm to perform services that minimize potential harm and maintain or restore confidence in the policyholder.3. Data privacy regulatory and credit monitoring expenses incurred in connection with a statutory mandate requiring credit monitoring for third parties in compliance with data privacy laws, legal expenses in defense of a data privacy regulation proceeding, and certain fines or penalties, where insurable, in connection with a data privacy regulation proceeding.4. Cyber-investigation expenses incurred to have a third party investigate the policyholder's computer system to determine the source of a data privacy breach."
The Hartford's Cyber Extortion Expense coverage addresses expenses incurred by a policyholder in the event of an extortion threat that causes an actual interruption, suspension or failure of the company's computer system, including the failure to prevent unauthorized access or unauthorized use of the computer system.