Choice of Counsel
Does the policy allow for you to choose your own Counsel or do you have to use the carrier’s Counsel for the policy to respond?

Electronic Records vs. Paper Records
Are both electronic and paper data records covered? If you have paper records in storage, make sure your policy covers paper records, in addition to electronic records.

Independent Contractors
Are Independent Contractors included as an insured in the event your Independent Contractor caused the data breach?

Notification Costs and Credit Monitoring
Voluntary or only when required by law? Voluntary is broader because it allows the business owner to notify all personal data records in the event of a data breach versus only those impacted data records. 47 states currently have a data breach notification law and typically, you are required by law to notify the impacted data records only.

Personal Information Definition
A broad definition will read “Any information related to an identified or identifiable natural person.” Specific information items covered, such as public personal information only, is not as broad and may exclude non-public personal information.

PCI Fines and Penalties
Are fines and penalties covered and what about HIPAA if you are in the healthcare industry? If you accept credit card payments, make sure PCI fines are covered as these fines start at $5,000 each.