Privacy breach coveragefor commercial customers

Frequently asked questions

1. Why are we changing the name from cyber to privacy breach?

Cyber risk has become increasingly complex since we launched our product back in 2015. As we’ve come to understand more about this category of risk, we wanted to ensure customers have a better understanding of the type of coverage they were getting with Intact. Privacy breach is a more accurate term for the type of protection we can provide.

2. How do we convert existing customers and manage portfolio additions?

Existing customers with our first-party cyber coverage will be converted to our enhanced first-party privacy breach coverage on renewal. Third party liability coverage is optional and can be purchased for additional premium. Brokers may also choose to add these coverages on to an entire book of business. Intact Insurance can provide customer communications materials.

3. What is a data or privacy breach?

A privacy breach can include the loss, theft, unauthorized access to or use of personal customer or employee information. This data can include: Social Insurance Number; bank account number, credit or debit card information; driver’s licence number; medical diagnosis, patient history and medications; and, other personal information defined by provincial or federal law.

4. Why do businesses need protection against a privacy breach?

The threat of privacy breaches in Canada is growing, with reports of cybercrime doubling over a one-year period. In addition to the growth of data breaches and media attention, the types of attacks are also wide-ranging and constantly evolving. Any business that handles or stores confidential customer or employee data should be aware of the threat of a privacy breach.

5. Which customers would benefit from this coverage?

Our privacy breach coverage is ideal for small to medium-sized business customers.

6. How can a breach occur?

There are multiple ways in which attacks or other incidents can potentially lead to a data security breach. These continue to evolve, but some of the most common incidents include:

• Stolen devices (laptop, PC, mobile phone, smartphones, etc.);

• Stolen paper files;• Improper document or office equipment disposal;• Accessing data stored in the cloud• Computer system or network hacked by a computer

virus, leading to a security breach; and,• Unauthorized use of a computer system, resulting in

unauthorized access to or use of personal information.

7. What does Intact Insurance’s privacy breach coverage entail?

Intact Insurance’s privacy breach offering provides three basic first-party coverages, each with base limits of $25,000*, in the event of a privacy breach that affects the personal information of customers or employees:

• Remediation expenses to cover various costs (such as notifying customers and employees; and, credit and fraud monitoring expenses);

• Business interruption to cover loss of income related to the breach, and necessary extra expenses; and,

• Legal expense coverage for certain legal fees and defence costs incurred as a result of a covered breach.

These base coverages can be purchased for a low premium of $120 per year without a questionnaire or application.

Third party liability can also be added to the policy for legally obligated compensation to others and your customer’s legal expenses resulting from a privacy breach. Limits start at $50,000.

8. Can third party liability coverage be purchased standalone?

While it can be added standalone, it can result in higher claims for customers and leave customers unprotected against certain claims.

9. Are higher limits available for these coverages?

Yes. Limits up to $100,000 can be added for remediation expenses, business interruption and third party liability coverages, and up to $50,000 for first-party legal expenses coverage without an underwriting application. Limits up to $200,000 for remediation expenses and business interruption, and up to $2M for third party liability can be purchased with an underwriting application. Additional premiums will apply.

10. How much do the higher limits cost? ?

Our pricing for these higher limits will vary depending on class of business and overall exposure to privacy breaches. (see examples below).

ScenariosBecause policy information can impact premium, we’ve assumed the customers have been operating for 5 years and we have used the typical premium for that class of business to calculate the privacy breach coverage premium.

Low Exposure Medium Exposure High Exposure

THE CUSTOMER OPERATES A BUILDING CONSTRUCTION COMPANY.

BASE SCENARIORemediation expenses (RE): $25,000 Business Interruption (BI):$25,000. Legal expense (LE): $25,000

ANNUAL PREMIUM: $120Price per day: $0.33

Optional: Third party liability (TPL): $50,000

ANNUAL PREMIUM: $77Price per day: $0.21

TOTAL ANNUAL PREMIUM: $197Price per day: $0.54 cents

SCENARIO 1Remediation expenses (RE): $50,000 Business Interruption (BI):$50,000 Legal expense (LE): $50,000

ANNUAL PREMIUM: $165Price per day: $0.45

Optional: Third party liability (TPL): $75,000

ANNUAL PREMIUM: $115Price per day: $0.32

TOTAL ANNUAL PREMIUM: $280Price per day: $0.77 cents

SCENARIO 2Remediation expenses (RE): $100,000 Business interruption (BI): $100,000Legal expense (LE): $50,000

ANNUAL PREMIUM: $271Price per day: $0.74

Optional: Third party liability (TPL): $100,000

ANNUAL PREMIUM: $146Price per day: $0.40

TOTAL ANNUAL PREMIUM: $417Price per day: $1.14

THE CUSTOMER OPERATES A LARGE HARDWARE WHOLESALING OPERATION.

BASE SCENARIORemediation expenses (RE): $25,000 Business Interruption (BI):$25,000. Legal expense (LE): $25,000

ANNUAL PREMIUM: $120Price per day: $0.33

Optional: Third party liability (TPL): $50,000

ANNUAL PREMIUM: $100Price per day: $0.27

TOTAL ANNUAL PREMIUM: $220Price per day: $0.60 cents

SCENARIO 1Remediation expenses (RE): $50,000 Business Interruption (BI):$50,000 Legal expense (LE): $50,000

ANNUAL PREMIUM: $239Price per day: $0.65

Optional: Third party liability (TPL): $75,000

ANNUAL PREMIUM: $150Price per day: $0.41

TOTAL ANNUAL PREMIUM: $389Price per day: $1.06 cents

SCENARIO 2Remediation expenses (RE): $100,000 Business interruption (BI): $100,000Legal expense (LE): $50,000

ANNUAL PREMIUM: $394Price per day: $1.08

Optional: Third party liability (TPL): $100,000

ANNUAL PREMIUM: $190Price per day: $0.52

TOTAL ANNUAL PREMIUM: $584Price per day: $1.60

THE CUSTOMER OWNS SEVERAL DENTAL CLINICS.

BASE SCENARIORemediation expenses (RE): $25,000 Business Interruption (BI):$25,000. Legal expense (LE): $25,000

ANNUAL PREMIUM: $120Price per day: $0.33

Optional: Third party liability (TPL): $50,000

ANNUAL PREMIUM: $150Price per day: $0.41

TOTAL ANNUAL PREMIUM: $270Price per day: $0.74 cents

SCENARIO 1Remediation expenses (RE): $50,000 Business Interruption (BI): $50,000 Cyber legal expense (LE): $50,000

ANNUAL PREMIUM: $359Price per day: $0.98

Optional: Third party liability (TPL): $75,000

ANNUAL PREMIUM: $225Price per day: $0.62

TOTAL ANNUAL PREMIUM: $584Price per day: $1.60

SCENARIO 2Remediation expenses (RE): $100,000 Business interruption (BI): $100,000Legal expense (LE): $50,000

ANNUAL PREMIUM: $592Price per day: $1.62

Optional: Third party liability (TPL): $100,000

ANNUAL PREMIUM: $285Price per day: $0.78

TOTAL ANNUAL PREMIUM: $877Price per day: $2.40

16. What CyberScout services do customers have access to?

CyberScout provides access to a knowledge base of tools, information and education—all accessible via a secure log-in. Additionally, CyberScout provides breach response services that do not draw from the coverage limit to help customers prepare for and plan for a breach. Some of these services could include:

17. How can your customers access the CyberScout knowledge base?

Go to: www.intactinsurance.breachresponse.caGlobal username: Intactinsurance1Global password: Intactinsurance1Note: The first time customers log in, they will be prompted to create a unique username and password.

18. In the event of a privacy breach, what should customers do?

At the first sign of a breach, customers should call the Intact Insurance claims department at 1 866 464 2424.

Our adjusters will complete an initial loss assessment and advise the customer of the next steps. The adjuster will connect the customer with CyberScout breach consultants who will identify how best to handle the breach. CyberScout breach consultants are also there to:

• assist with crisis management, answering questions, and listening to any concerns the policyholder might have;

• provide necessary documentation; and,• provide industry best practices regarding the handling of

a breach.

Per claim and in the aggregate. Certain conditions, limitations and exclusions apply. The information that appears on this document is provided to you for information purposes only. Privacy breach expense offerings are through the Privacy Breach Expense endorsement, Privacy Breach Legal Expense endorsement and Privacy Breach Liability endorsement. Your insurance contract prevails at all times. Please consult it for a complete description of coverage and exclusions. Non-insurance services are provided by CyberScout Inc., an independent third party. These services do not constitute legal advice. If you require legal advice, please consult a lawyer. Intact Financial Corporation and its affiliates assume no responsibility for making the services available to you or for your use of the services. ®Intact Insurance Design is a registered trademark of Intact Financial Corporation, used under license. © 2018 Intact Insurance Company. All rights reserved.

BREACH COUNSELLING

Determine if a privacy breach occurred. Assess severity of the event. Explain breach response requirements and best practices.

CRISIS MANAGEMENT

Time-saving professional service to guide customers in handling a breach. Work closely with the customer and claims to outline an action plan.

REMEDIATION SERVICES

Service recommendations to impacted individuals such as notification, call handling and monitoring products.

11. Can a single policy include different limits for first party and business interruption?

Yes, different limits can be added to a single policy.

12. Where does the coverage apply?

First-party coverage applies to your customer’s computer equipment when working at the office, from home, from temporary locations in Canada or while travelling for business worldwide for up to 60 days (some restrictions may apply). Third party coverage applies worldwide, subject to Canadian law.

13. Are only breaches arising from work (the employers) devices covered?

No, certain employees’ devices which are personally owned and used with permission for business purposes at work or at home are also covered if a privacy breach arises from them. This coverage now extends to desktop PCs, tablets and smartphones, in addition to laptops.

14. What types of remediation costs are covered?

Some examples include: • expenses for public relations services;• expenses related to notifying customers and

employees; and,• credit and fraud monitoring services.

15. Who is CyberScout™?

Intact Insurance is working with CyberScout, an independent service provider of identity and data-risk management, to provide resolution services, education and assessment tools for customers. In addition to the endorsement coverage, customers will have access to information from CyberScout, whose specialty is in:

• raising awareness about evolving technology and data threats;

• educating customers on how it could impact their business; and,

• providing remediation planning and support services in the event of a breach.