Here’s a fresh list of provisions to carefully evaluate and watch for when considering first-party and third-party liability privacy and security coverage options.

1.  Exclusions for failure to maintain a specified level of security standard, e.g. PCI compliant.

2.  Exclusions for a programming error.

3.  Exclusions for failure to update software and/or  implement patches.

4.  No coverage for physical theft or loss of  paper files, back-up disks, laptops etc. containing personally identifiable information.

5. No coverage for privacy notification or crisis management expenses following a covered security breach if there is no legal requirement to notify.

6. Exclusions for employee failure to periodically update passwords.

7. Exclusions for data that is not encrypted.

This is third installment of the LJ’s List of What to Watch Out For.  Check out the Tech Professional Liability and the Third-party security lists.