A summary of data/information security insurance coverage, exclusions, and policy information is provided below. Coverage may vary by agency. This summary does not alter or amend coverage provided in statute or under the state property/casualty insurance program. If your agency experiences a data/information security incident involving the unauthorized disclosure of private, non-public information, please follow the instructions on our website at rmtd.mt.gov/claims/agenciesreportclaims.aspx and submit the claim to the Risk Management & Tort Defense Division. For additional information, please contact us at (406)444-2421.
- Insurer: Beazley Insurance Company and Greenwich Insurance Company.
- Broker: Alliant Insurance Services, Inc.
- Term: 7/1 to 6/30 each fiscal year.
- Coverage Territory: This policy applies to insured events worldwide.
- Coverage Summary: This policy provides coverage for the following:
Data/Information Security Liability
- Damages and claims expenses associated with theft, loss, and unauthorized disclosure of private, non-public information.
- Damages and claims expenses associated with alteration, corruption, and deletion of private, non-public information caused by malicious code and/or service denial failure.
- Damages and claims expenses associated with unauthorized sharing and unauthorized selling of private, non-public information.
- Failure to administer an identity theft protection program.
Privacy Notification Costs
- Cost of hiring computer security experts to determine the existence and cause of a breach of private, non-public information.
- Cost to comply with breach notification laws.
- Cost of notifying parties affected by the breach.
- Cost of credit monitoring for one year for individuals affected by the breach of privacy laws.
Regulatory Defense and Penalties
- Claims expenses and penalties arising from regulatory proceedings involving the unauthorized disclosure of private, non-public information.
- Claims expenses and penalties arising from violations of privacy laws.
- Damages and expenses associated with defamation, libel, slander, caused by the disclosure of private, non-public information.
- Damages and expenses associated with public disclosure of private information.
- Damages and expenses associated with plagiarism, piracy, misappropriation of ideas involving private, non-public information.
- Damages and expenses associated with infringement of copyright of private, non-public information.
- Exclusions: A summary of exclusions is hereby provided.
- Bodily Injury or Property Damage
- Any employer-employee relations policies and practices
- Contractual liability or obligation
- Unlawful collection or acquisition of personally identifiable non-public information
- Anti-trust violations
- Unfair trade practices
- Incidents occurring prior to retroactive date of coverage
- Securities Act violations
- Fair Labor Act violations
- Patent infringement
- Money/securities/funds transfer
- Broadcasting, publications, and advertising
- War and terrorism
- Nuclear events
- Radioactive contamination
- Co-Insurance: There is no deductible. However, each agency or university is responsible for 20% of reasonable and necessary expenses incurred by the Risk Management & Tort Defense Division to investigate, evaluate, and resolve data/information security claims. The division will bill agencies for their fair share of co-insurance payments after the loss up to a maximum of $20,000.
$10,000,000 per occurrence Business Interruption/Extortion/Data Recovery (Liability & 1st Party)
$10,000,000 per occurrence Data/Network/Media/Cards (Liability & 1st Party)
$10,000,000 per occurrence Regulatory Fines & Penalties (Liability)
$10,000,000 annual aggregate all coverages combined
$ 4,000,000 per occurrence Privacy Notification
$100,000 Risk Management & Tort Defense, 20% co-pay per agency/university up to $100,000
Note: Losses that fall outside of commercial insurance limits are the responsibility of each agency/university.