F00107 Page 1 of 7
052011 ed.
INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA
LIABILITY APPLICATION
NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS
AND APPLIES ONLY TO CLAIMS FIRST MADE AGAINST THE INSURED DURING THE POLICY PERIOD
OR THE OPTIONAL EXTENSION PERIOD (IF APPLICABLE) AND REPORTED TO THE UNDERWRITERS
DURING THE POLICY PERIOD OR AS OTHERWISE PROVIDED IN CLAUSE X. OF THIS POLICY.
AMOUNTS INCURRED AS CLAIMS EXPENSES UNDER THIS POLICY SHALL REDUCE AND MAY
EXHAUST THE LIMIT OF LIABILITY AND ARE SUBJECT TO RETENTIONS.
PLEASE READ THIS POLICY CAREFULLY.
Please fully answer all questions and submit all requested information. If the Applicant is a private company,
please attach a copy of your most recent financial statement.
I. GENERAL INFORMATION
Full Name:
Mailing Address: State of Incorporation:
City: State & Zip: 
# of Employees: Date Established: 
Website URL’s:
Authorized Officer
1
: 
Telephone: 
E-mail: 
Business Description: 
II. REVENUE INFORMATION:
Most Recent Twelve (12)
months: (ending:
/ )
Previous Year Next Year (estimate)
US Revenue:
Non-US Revenue:
Total Revenue:
Are significant changes in the nature or size of the Applicant’s business anticipated
over the next twelve (12) months? Or have there been any such changes in the
past twelve (12) months?
Yes No
If yes, please explain: 
Has the Applicant in the past twelve (12) months completed or agreed to, or does it
contemplate within the next twelve (12) months, a merger, acquisition,
consolidation, whether or not such transactions were or will be completed?
Yes No
If yes, please explain: 
III. MANAGEMENT OF PRIVACY EXPOSURES
1. Has the Applicant designated a Chief Privacy Officer? Yes No
1
The officer of the Applicant that is designated to receive any and all notices from the Insurer or its authorized
representative(s) concerning this insurance.
F00107 Page 2 of 7
052011 ed.
If no, please indicate what position (if any) is responsible for privacy issues:
2. Does the Applicant have a written corporate-wide privacy policy? Yes No
If yes, please attach a copy of the privacy policy to this application.
3. Is the Applicant in compliance with its privacy policy? Yes No
If no, please provide details regarding such non-compliance:
4. Does the Applicant accept credit cards for goods sold or services rendered? Yes No
If yes:
A. Please state the Applicant’s approximate percentage of revenues from credit
card transactions in the most recent twelve (12) months: %
B. Is the Applicant compliant with applicable data security standards issued by
financial institutions the Applicant transacts business with (e.g. PCI
standards)?
Yes No
If the Applicant is not compliant with applicable data security standards, please describe the current
status of any compliance work and the estimated date of completion:

5. Does the Applicant restrict employee access to personally identifiable on a
business-need to know basis?
Yes No
6. Does the Applicant require third parties with which it shares personally identifiable
information or confidential information to indemnify the Applicant for legal liability
arising out of the release of such information due to the fault or negligence of the
third party?
Yes No
7. Is the Applicant aware of any release, loss or disclosure of personally identifiable
information in its care, custody or control, or anyone holding such information on
behalf of the Applicant in the most recent three year time period from the date of
this Application?
Yes No
If yes, please describe: 
8. Has the Applicant implemented an identity theft prevention program (aka FTC
“Red Flags” program)?
Yes No
F00107 Page 3 of 7
052011 ed.
IV. COMPUTER SYSTEMS CONTROLS
If the Applicant has completed a full IT-Security Assessment, please check here and skip this
section.
1. Has the Applicant designated a Chief Security Officer as respects computer
systems?
Yes No
If no, please indicate what position is responsible for computer security:
2. Does the Applicant publish and distribute written computer and information
systems policies and procedures to its employees?
Yes No
3. Does the Applicant conduct training for every employee user of the information
systems in security issues and procedures for its computer systems?
Yes No
4. Does the Applicant have :
A. a disaster recovery plan? Yes No
B. a business continuity plan? Yes No
C. an incident response plan for network intrusions and virus incidents? Yes No
How often are such plans tested? 
5. Does the Applicant have a program in place to test or audit security controls on an
annual or more frequent basis?
Yes No
If yes, please summarize the scope of such audits and/or tests:
6. Does the Applicant terminate all associated computer access and user accounts
as part of the regular exit process when an employee leaves the company?
Yes No
7. Is all valuable/sensitive data backed-up by the Applicant on a daily basis? Yes No
If no, please describe exceptions: 
8. Is at least one complete back-up file generation stored and secured off-site
separate from the Applicant’s main operations in a restricted area?
Yes No
If no, describe the procedure used by the Applicant, if any, to store or secure copies of valuable/sensitive
data off-site? 
9. Does the Applicant have and enforce policies concerning when internal and
external communication should be encrypted?
Yes No
A. Does the Applicant encrypt data stored on laptop computers and portable
media?
Yes No
B. Does the Applicant encrypt data stored on back-up tapes? Yes No
C. Does the Applicant encrypt data “at rest” within computer databases? Yes No
10. Does the Applicant enforce a software update process including installation of
software “patches”?
Yes No
If Yes, are critical patches installed within thirty (30) days of release? Yes No
11. Please describe your network infrastructure:
Anti-virus Firewall ISP Intrusion
Detection
Primary vendor:
 
Other significant
vendor:
 
12. How often are virus signatures
updated? 
Automatic Updates Weekly Monthly Other
F00107 Page 4 of 7
052011 ed.
13. Does the Applicant require computer service providers who may have access to
confidential information or personally identifiable information to demonstrate
adequate security policies and procedures?
Yes No
A. Are computer service providers required by contract to indemnify the
Applicant for harm arising from a breach of the provider’s security?
Yes No
14. Has the Applicant suffered any known intrusions (i.e., unauthorized access or
security breach) or denial of service attacks relating to its computer systems in
the most recent three (3) year time period from the date of this Application?
Yes No
If yes, describe any such intrusions or attacks, including any damage caused by
any such intrusions, including lost time, lost business income, or costs to repair
any damage to systems or to reconstruct data or software, describe the damage
that occurred, and state value of any lost time, income and the costs of any
repair or reconstruction: 
V. CONTENT CONTROLS
1. Please describe content produced by the Applicant:
2. Does the Applicant have a procedure for responding to allegations that content
created, displayed or published by the Applicant is libelous, infringing, or in
violation of a third party’s privacy rights?
Yes No
3. Does the Applicant have a qualified attorney review all content prior to posting
on the Insured’s Internet Site?
Yes No
If yes, does the review include screening the content for the following: Yes No
A. disparagement issues? Yes No
B. copywriting infringement? Yes No
C. trademark infringement? Yes No
D. invasion of privacy? Yes No
If no to question 3., please describe procedures to avoid the posting of improper or infringing content:

4. Has the Applicant screened all trademarks used by the Applicant for
infringement with existing trademarks prior to first use?
Yes No
A. Has the Applicant acquired any trademarks from others in the past three (3)
years?
Yes No
If Yes, were acquired trademarks screened for infringement? Yes No
5. Within the last three (3) years, has the Applicant ever received a complaint or
cease and desist demand alleging trademark, copyright, invasion of privacy, or
defamation with regard to any content published, displayed or distributed by or
on behalf of the Applicant?
Yes No
If yes, please provide details regarding any such demands:
VI. PRIOR INSURANCE
1. Does the Applicant currently have insurance in place covering media, privacy or
network security exposures?
Yes No
If yes, please provide the following: 
Insure
r
Limits Retention Policy Period Premium Retroactive
Date
  
F00107 Page 5 of 7
052011 ed.
2. Has any professional liability, privacy, network security or media insurance ever
been declined or cancelled?
Yes No
If yes, please provide details: 
VII. PRIOR CLAIMS AND CIRCUMSTANCES
1. Has the Applicant ever received any claims or complaints with respect to
allegations of invasion of or injury to privacy, identity theft, theft of information,
breach of information security, software copyright infringement or content
infringement or been required to provide notification to individuals due to an
actual or suspected disclosure of personal information?
Yes No
If yes, Provide details of each such claim, allegation or incident, including costs, losses or damages
incurred or paid, and any amounts paid as a loss under any insurance policy:
2. Has the Applicant been subject to any government action, investigation or
subpoena regarding any alleged violation of any law or regulation?
Yes No
If yes, please provide details of any such action, investigation or subpoena:
3. Has the Applicant ever experienced an extortion attempt or demand with respect
to its computer systems?
Yes No
If yes, please provide details: 
4. Has the Applicant notified consumers of a data breach incident in accordance
with a data breach notification law in the past three (3) years?
Yes No
If yes, please provide details: 
5. Has the Applicant notified consumers of a data breach incident in accordance
with a data breach notification law in the past three (3) years?
Yes No
If yes, please provide details: 
6. Does the Applicant, or any director, officer, employee or other proposed insured
have knowledge or information of any fact, circumstance, situation, event or
transaction which may give rise to a claim or privacy breach notification under
the proposed insurance?
Yes No
If yes, provide details: 
THE UNDERSIGNED IS AUTHORIZED BY THE APPLICANT AND DECLARES THAT THE STATEMENTS
SET FORTH HEREIN AND ALL WRITTEN STATEMENTS AND MATERIALS FURNISHED TO THE
INSURER IN CONJUNCTION WITH THIS APPLICATION ARE TRUE. SIGNING OF THIS APPLICATION
DOES NOT BIND THE APPLICANT OR THE INSURER TO COMPLETE THE INSURANCE, BUT IT IS
AGREED THAT THE STATEMENTS CONTAINED IN THIS APPLICATION, ANY SUPPLEMENTAL
APPLICATIONS, AND THE MATERIALS SUBMITTED HEREWITH ARE THE BASIS OF THE CONTRACT
SHOULD A POLICY BE ISSUED AND HAVE BEEN RELIED UPON BY THE INSURER IN ISSUING ANY
POLICY.
THIS APPLICATION AND MATERIALS SUBMITTED WITH IT SHALL BE RETAINED ON FILE WITH THE
INSURER AND SHALL BE DEEMED ATTACHED TO AND BECOME PART OF THE POLICY IF ISSUED.
THE INSURER IS AUTHORIZED TO MAKE ANY INVESTIGATION AND INQUIRY IN CONNECTION WITH
THIS APPLICATION AS IT DEEMS NECESSARY.
THE APPLICANT AGREES THAT IF THE INFORMATION SUPPLIED ON THIS APPLICATION CHANGES
BETWEEN THE DATE OF THIS APPLICATION AND THE EFFECTIVE DATE OF THE INSURANCE, THE
APPLICANT WILL, IN ORDER FOR THE INFORMATION TO BE ACCURATE ON THE EFFECTIVE DATE
OF THE INSURANCE, IMMEDIATELY NOTIFY THE INSURER OF SUCH CHANGES, AND THE INSURER
F00107 Page 6 of 7
052011 ed.
MAY WITHDRAW OR MODIFY ANY OUTSTANDING QUOTATIONS OR AUTHORIZATIONS OR
AGREEMENTS TO BIND THE INSURANCE.
I HAVE READ THE FOREGOING APPLICATION OF INSURANCE AND REPRESENT THAT THE
RESPONSES PROVIDED ON BEHALF OF THE APPLICANT ARE TRUE AND CORRECT.
WARNING
ANY PERSON WHO, WITH INTENT TO DEFRAUD OR KNOWING THAT (S)HE IS FACILITATING A
FRAUD AGAINST THE INSURER, SUBMITS AN APPLICATION OR FILES A CLAIM CONTAINING A
FALSE OR DECEPTIVE STATEMENT MAY BE GUILTY OF INSURANCE FRAUD.
COLORADO: It is unlawful to knowingly provide false, incomplete, or misleading facts or information to an
insurer to defraud or attempt to defraud the insurer. Penalties may include imprisonment, fines, denial of
insurance, and civil damages. Any insurer or agent of an insurer who knowingly provides false, incomplete, or
misleading facts or information to a policyholder or claimant for the purpose of defrauding or attempting to
defraud the policyholder or claimant with regard to a settlement or award payable from insurance proceeds
shall be reported to the Colorado division of insurance.
DISTRICT OF COLUMBIA
: WARNING: It is a crime to provide false or misleading information to an insurer
for the purpose of defrauding the insurer or any other person. Penalties include imprisonment and/or fines. In
addition, an insurer may deny insurance benefits, if false information materially related to a claim was provided
by the applicant.
FLORIDA
: Any person who knowingly and with intent to injure, defraud, or deceive any insurer files a
statement of claim or an application containing any false, incomplete or misleading information is guilty of a
felony in the third degree.
KANSAS:
any person who, with intent to defraud or knowing that (s)he is facilitating a fraud against the
insurer, submits an application for the issuance or rating of an insurance policy, or files a claim containing a
false or deceptive statement may be guilty of insurance fraud.
LOUISIANA AND MARYLAND
: Any person who knowingly and willfully presents a false or fraudulent claim
for payment of a loss or benefit or who knowingly and willfully presents false information in an application for
insurance is guilty of a crime and may be subject to fines and confinement in prison.
MAINE, TENNESSEE, VIRGINIA AND WASHINGTON
: It is a crime to knowingly provide false, incomplete or
misleading information to an insurer to defraud the insurer. Penalties may include imprisonment, fines or denial
of insurance benefits.
MINNESOTA
: A person who files a claim with intent to defraud or helps commit a fraud against an insurer is
guilty of a crime.
OKLAHOMA
: Any person who knowingly, and with intent to injure, defraud or deceive any insurer, makes any
claim for the proceeds of an insurance policy containing any false, incomplete or misleading information is
guilty of a felony.
PENNSYLVANIA
: Any person who knowingly and with intent to defraud any insurance company or other
person files an application for insurance or statement of claim containing any materially false information or
conceals for the purpose of misleading, information concerning any fact material thereto commits a fraudulent
insurance act, which is a crime and subjects such person to criminal and civil penalties.
NEW YORK AND KENTUCKY
: Any person who knowingly and with intent to defraud an insurer or other
person files an application for insurance or statement of claims containing any materially false information, or
conceals for the purpose of misleading, information concerning any fact material thereto, commits a fraudulent
insurance act, which is a crime. New York applicants are subject to a civil penalty not to exceed $5,000 and
the stated value of the claim for each such violation. Pennsylvania applicants are subject to criminal and civil
penalties.
F00107 Page 7 of 7
052011 ed.
A
UTHORIZED SIGNATURE OF APPLICANT TITLE
(Must be signed by corporate officer with authority to sign on
Applicant’s behalf)
_
__________________________________
Printed Name
_
__________________________________
Date
_
______________________
_
__________
Effective Date Requested for this Insurance
If this Application is completed in Florida, please provide the Insurance Agent’s name and license number as
designated. If this Application is completed in Iowa or New Hampshire, please provide the Insurance Agent’s
name and signature only.
__
__
Name of Insurance Agent License Identification No.
Authorized Representative
click to sign
signature
click to edit