1. Forms
2. EP
3. CL-EP-03-10

What the Form Is

The CL EP 03 10 "Exclusion - Confidential Or Personal Information" endorsement is designed to be attached to an Employment-Related Practices Liability (EPL) insurance policy. Its primary purpose is to explicitly remove coverage for claims related to the breach, unauthorized access, disclosure, or loss of confidential or personal information. This can include both digital and physical data. By adding this endorsement, the insurer clarifies that such risks are not intended to be covered under the EPL policy, often because they are more appropriately addressed by a dedicated Cyber Liability insurance policy.

Classes of Business It Applies To

This endorsement is relevant to virtually any business or organization that collects, stores, processes, or transmits confidential or personal information and carries an EPL policy. Examples include:

• Healthcare providers: Handling sensitive patient health information (PHI). A clinic sued by patients because their medical records were improperly accessed by an unauthorized individual would likely find claims related to this breach excluded under their EPL policy if this endorsement is attached.
• Financial institutions: Managing customer financial data and personally identifiable information (PII).
• Retail businesses: Collecting customer payment information and personal data for marketing.
• Technology companies: Developing software or providing services that involve user data.
• Any employer: Maintaining sensitive employee records (e.g., social security numbers, bank details, health information). For instance, if a company's HR database is hacked and employees sue for damages resulting from identity theft, this endorsement would likely bar coverage under the EPL policy for those specific employee claims stemming from the data breach.

Special Considerations

• Coverage Gap: The most significant consideration is the coverage gap this endorsement creates within the EPL policy for data-related liabilities. Businesses must recognize that with this exclusion, they will not have EPL coverage for data breach incidents and should secure separate Cyber Liability insurance.
• Definition of Information: The specific definitions of "confidential information" and "personal information" within the endorsement are crucial and will determine the full scope of the exclusion.
• Regulatory Exposures: Many industries are subject to stringent data protection regulations (e.g., HIPAA, GDPR, CCPA). This exclusion typically means that fines, penalties, or third-party liabilities arising from non-compliance with these regulations concerning data handling will not be covered by the EPL policy.
• Interaction with Other Policies: It's important to understand how this exclusion interacts with other policies the insured may have, particularly Cyber Liability or first-party data breach policies.

Key Information for Agents and Underwriters

• Agents:
  • Must clearly explain the impact of this exclusion to clients, emphasizing that it removes a significant area of potential liability from the EPL policy.
  • Strongly advise clients to procure adequate Cyber Liability insurance to cover the exposures excluded by this endorsement.
  • Review the client's data handling practices to assess the potential impact of this exclusion.
• Underwriters:
  • This endorsement helps delineate the scope of the EPL policy, ensuring it does not unintentionally overlap with cyber-specific coverages.
  • When this endorsement is used, the underwriter can focus the EPL risk assessment more narrowly on traditional employment-related wrongful acts, knowing that data liability is carved out.
  • The presence of this exclusion may slightly reduce the EPL exposure, but the primary benefit is clarity of coverage intent rather than a significant premium reduction on the EPL itself.
  • Underwriters should confirm that the insured is aware of the exclusion and has been advised regarding separate cyber coverage.