News Release

ACE USA Releases Next Generation of DigiTech and Privacy Protection Products
Responding to Client/Broker Needs, New Regulations, and Developing Privacy Risks
Apr 18, 2009

PHILADELPHIA--(BUSINESS WIRE)--ACE USA, the U.S.-based retail operating division of the ACE Group of Companies, today announced the launch of its next generation ACE DigiTech® and ACE Privacy Protection®policies, which provide two of the most robust forms of privacy and network liability protection currently available for the digitally-driven global business arena.

ACE DigiTech® offers integrated errors & omissions, privacy liability and network security liability coverage designed for technology companies, while ACE Privacy Protection® offers privacy liability and network security coverage designed for companies in all industries. ACE has revised both policy forms to address new privacy regulations for the handling of sensitive data and the increasing expenses associated with data breaches.

Three new regulations that are taking effect are potential “game-changers” for the privacy environment. These include the Identity Red Flags under the Fair and Accurate Credit Transactions Act; Massachusetts 201 CMR 17; and the Health Information Technology for Economic and Clinical Health Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA).

“Passage of this federal privacy legislation has generated increased demand for privacy protection insurance and the new mandates translate to greater liability and heightened risk for all employers and every business,” said Norm Rafsol, Senior Vice President, ACE Professional Risk. “The regulatory climate around privacy issues is in a continual state of flux and, as it evolves, risk levels shift. The implications of these new federal regulations are significant as they reflect the next phase in privacy regulation. If they haven’t already done so, risk managers, employers and business owners should be reevaluating the security of their data, rethinking their appetite for risk, and reassessing their insurance coverage.”

“This new legislation has really raised the bar for companies handling sensitive data,” said Toby Merrill, Assistant Vice President, ACE Professional Risk. “It marks a real shift from merely requiring that companies notify individuals of a breach to now mandating that companies are protecting personally identifiable data on the front end, before the breach occurs. In addition to these regulatory changes, we have also listened carefully to our brokers and clients, frequently asking them how we might improve upon our products. Because their feedback helped shape the latest editions of these policies, we are confident it will meet their real-world needs going forward.”

Other factors came into play, as well, in the development of these products. Mr. Merrill commented, “In addition to client needs and new regulations, ACE’s years of claims experience in handling technology and privacy matters has provided us with the necessary insight to truly understand the intricacies of these very complex events. We have also seen a significant increase in the number of privacy incidents. As a result, we worked to strengthen those aspects of our products.”

Enhancements to New Policy Forms:*

Addresses New Privacy Regulations:

  • Health Information Technology for Economic and Clinical Health Act
  • Massachusetts 201 CMR 17
  • Identity Theft Red Flags under the Fair and Accurate Credit Transactions Act
  • State, federal and foreign equivalents

Data Breach Expenses Expanded to Now Include:

  • First and Third Party expenses
  • Forensic Expenses
  • Expenses to comply with the consumer notification provisions of the applicable jurisdiction that most favors coverage for such expenses
  • Costs for Voluntary Notification (prior written approval requirement)
  • Legal expenses incurred by the Insured to ascertain their indemnification rights under contract
  • Credit Monitoring Expenses (no longer tied to privacy regulations)

Additional Features:

  • Even more simplified form
  • Affirmative 100 percent Allocation of Defense provision if at least one covered claim is asserted
  • Coverage for Regulatory Fines
  • Broad form Network Security language including:
    • Failure to protect third party Trade secrets
    • SPAM resulting in a failure of network security
  • Carve backs for Regulatory Proceeding, Severability and Defense on applicable exclusions
  • Specified officers, directors, principals, and partners for Notice and Representations
  • Ability to settle matters within the retention

The new forms continue to provide key features of the previous forms, including:

  • Privacy coverage includes sensitive personal and corporate information in any format
  • Access to the eRisk Hub™ portal, a web-based loss prevention resource containing information and technical resources to help policyholders manage their privacy and network risk
  • No retention, coinsurance, prior written approval, or post-discovery time restrictions for Data Breach Fund (voluntary notification subject to prior written approval)
  • Data Breach Fund includes coverage for costs to retain public relations, crisis management and law firms in the event of a data breach
  • Consumer Redress Fund applies to full Privacy and Network limits of liability
  • Simplified form to fit all industries of all sizes

ACE Professional Risk, a division of ACE USA, is staffed by a specialized team of innovative underwriters and provides management liability, professional liability, kidnap and ransom and surety products throughout the U.S. For more information about ACE Professional Risk and its range of products and services, please contact Toby Merrill at toby.merrill@acegroup.com, (215) 640-1390 or visit www.aceusa.com.

*Product highlights are summaries only; please see actual policy for terms and conditions. Products may not be available in all locations and remain subject to ACE Professional Risk’s underwriting criteria.

ACE USA is the U.S.-based retail operating division of the ACE Group of Companies, headed by ACE Limited (NYSE:ACE), and is rated A+ (Superior) by A.M. Best Company and A+ (Strong) by Standard & Poor’s. ACE USA, through its underwriting companies, provides insurance products and services throughout the U.S. Additional information on ACE USA and its products and services can be found at www.aceusa.com. The ACE Group of Companies provides insurance and reinsurance for a diverse group of clients around the world.

Contact:

ACE USA
Carla Ferrara, 215-640-4744
carla.ferrara@acegroup.com