The URL can be used to link to this page

Browse Search

Home My WebLink About000312.tiff CTSI Colorado Counties Casualty and Property Pool 2018 Network Security Policy Ace Policy No. G25660328005 Summaries are brief outlines of the coverages afforded under the insurance policies. Since summaries are for informational purposes only, they should not be construed to constitute the entire insurance contracts. As the policies may contain additional coverages and restrictions, the exact wording should be consulted. Brief Summary of Liability Deductibles This information is provided to present counties with a simple overview of county deductibles in the pool. It does not provide information on limits. The pool insuring agreements contain actual coverages and limits. The county has $0 deductible for network security liability claims The pool pays the first $25,000 or $50,000 of each claim depending on the county's SIR CAPP's excess insurance carrier pays up to $1 million per claim per county, $5 million pool aggregate Colorado Counties Casualty and Property Pool Named Insured Schedule Colorado Counties Casualty and Property Pool including the following members: Alamosa Gilpin Ouray Archuleta Grand Park Baca Gunnison Phillips Bent Hinsdale Prowers Chaffee Huerfano Pueblo Cheyenne Jackson Rio Blanco Clear Creek Kiowa Rio Grande Conejos Kit Carson Routt Costilla Lake Saguache Crowley La Plata San Juan Custer Las Animas San Miguel Delta Lincoln Sedgwick Dolores Logan Summit Eagle Mineral Teller Elbert Moffat Washington Fremont Montrose Weld Garfield Morgan Yuma Otero NOTE: Any entity not named as an insured may not be covered under this policy. This may include Partnerships and Joint Ventures. Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 1 2 Colorado Counties Casualty and Property Pool Network Security and Privacy Liability Program for Members Claims Made and Reported Policy Current Carrier: ACE American Insurance Company(Admitted) Policy Period: January 1, 2018 to January 1, 2019 Policy Number: G25660328005 Insured Members: Refer to the Named Insured Schedule Policy Form: Claims-Made and Reported Policy. The policy covers only Claims first made against the Insureds and Reported to the Carrier during the Policy Period or Extended Policy Period, if applicable, and which are the result of Wrongful Acts committed on or after the Retroactive Date but before the end of the Policy Period. Retroactive Date: January 1, 2014 Insuring Agreements: . Privacy Liability • Data Breach Fund—Side Car • Network Security Liability • Internet Media Liability • Network Extortion • Digital Asset Loss • Business Interruption PCI Fines/Penalties • Regulatory Proceedings Limits: See Below Retentions: See Below Claims-Made Coverage Note: Should you elect to change carriers (if a new retro-active date is provided)or non- renew this policy, a supplemental extended reporting endorsement may be available subject to policy terms and conditions. You must request the extended reporting period in writing to the carrier within 30 days of the non-renewal or cancellation date of the policy and pay the additional premium by the due date specified on the premium invoice. The cost of this extended reporting period is 100%of the annual premium and is fully earned. The extended reporting period extends only to those claims that occurred prior to the expiration date and would have been covered by the policy. Claims must be reported to the carrier within 30 days of the end of the policy period. The extended reporting period does not increase the limits of liability and is subject to all policy terms, conditions and exclusions Definition of Claim: 1. Insuring Agreements A and C: • a written demand against any Insured for monetary or non-monetary damages • a civil proceeding against any Insured seeking monetary damages or non- monetary or injunctive relief,commenced by the service of a complaint or similar proceeding • an arbitration proceeding against any Insured seeking monetary damages or non-monetary or injunctive relief; or • a regulatory proceeding 2. Insuring Agreement B—a written report by the Insured to the Insurer of a failure by the Insured or b an independent contractor for which the Insured is legally responsible to properly handle, manage,store, destroy or otherwise control Personal Information Adds the following after item 2 above: • with respect to Insuring Agreement F, a Network Security Failure; • with respect to Insuring Agreement G,an Interruption in Service; Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 2 14 Colorado Counties Casualty and Property Pool Network Security and Privacy Liability Program for Members (Continued) Claims Made and Reported Policy Definition of Claim(Continued): 3. with respect to Insuring Agreement H, an Interruption of Service to the Insured by any Qualified Service Provider caused directly by a failure on the party of the Qualified Service Provider's Network Security, but only if such failure would have been covered under the terms and conditions of this Policy had the Qualified Service Provider been the Insured. 4. For Insuring Agreement D: • a written demand against any Insured for monetary or non-monetary damages; • a civil proceeding against any Insured seeking monetary damages or non- monetary or injunctive relief,commenced by the services of a complaint or similar pleading; • an arbitration proceeding against any Insured seeking monetary damages or non-monetary or injunctive relief 5. With respect to Insuring Agreement F, an Interruption of Service Definition of Wrongful Act: Means any error, misstatement, misleading statement, act,omission, neglect, breach of duty, or Personal Injury offense actually or allegedly committed or attempted by any Insured, in their capacity as such, resulting in: 1. With respect only to Insuring Agreement A: a. the failure by the Insured or by an independent contractor for which the Insured is legally responsible to properly handle, manage, store, destroy or other control: i. personal Information; or ii Third party corporate information in any format provided to the Insured and specifically identified as confidential and protected under a nondisclosure agreement or similar contract with the Named Insured or Subsidiary b. an unintentional violation of the Insured's privacy policy that results in the violation of any Privacy Regulation 2. With respect only to Insuring Agreement B,the failure by the Insured or by any independent contractor for which the Insured is legally responsible to property handle, manage, store, destroy or otherwise control Personal Information 3. With respect only to Insuring Agreement C,a failure of Network Security Definition of Personal An individual's name, social security number, medical or healthcare data, other Information: protected health information, drivers license number, state identification number, credit card number, debit card number, address, telephone number, account number, account histories,or passwords; and other nonpublic personal information as defined in Privacy Regulations; in any format. Personal Information shall not include information that is lawfully made available to the general public for any reason, including but not limited to information from federal,state or local government records. Defense Provisions: • Pay on Behalf of form • Insurer has the duty to defend any covered claim even if claim is groundless, false or fraudulent • Insured shall not admit or assume any liability without the prior written consent of the Insurer. Insured shall not settle or negotiate to settle any claim unless the settlement fully resolves such claim within the applicable retention or Incur any claims expenses or data breach expenses without prior written consent of the Insurer, and the Insurer shall have the right to appoint counsel and to make such investigation and defense of a covered claims as it deems necessary • Defense costs,claim expenses and data breach expenses are included inside the self-insured retention and inside the limit of insurance Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 3 Colorado Counties Casualty and Property Pool Network Security and Privacy Liability Program for Members (Continued) Claims Made and Reported Policy Defense Provisions (Continued): • A single retention applies to damages, claims expenses and data breach expenses arising from all claims alleging interrelated wrongful acts • Settlement provision(hammer clause)— Insurer shall not settle any claim without the written consent of the Named Insured. If the Named Insured refuses to consent to a settlement, 30%of the damages plus claims expenses shall be borne by the Named Insured for amounts above what could have been settled by the insurer. • Allocation of defense costs provision—covered and uncovered claims— If Damages, in part,covered by this Policy and, in part, not covered by this Policy, are incurred on account of a single Claim for which the Insurer retains the duty to defend,the Policy will pay one hundred percent(100%)of reasonable and necessary Claims Expenses incurred in the defense of such Claims. • Damages and Claims Expenses incurred by the Insured on account of any Claim for which the Insurer does not retain the duty to defend shall be allocated between covered and uncovered loss based on the relative legal and financial exposures of the parties and loss at issue. • With respect to Data Breach Fund Sidecar Endorsement, Defense and Settlement are amended by Endorsement(see Appendix for Specimen Endorsement, Data Breach Team with Data Breach Fund Sidecar Endorsement) Terms and Conditions: • Definition of Insured amended to include Member • Territory: Coverage provided under this Policy shall extend to Wrongful Acts and Claims taking place, brought or maintained anywhere in the world. • Retention: A. The liability of the Insurer shall apply only to that part of Damages, Claims Expenses, and Data Breach Expenses which are in excess of the applicable Retention amount shown in Item 5 of the Declarations. Such Retention shall be borne uninsured by the Named Insured and at the risk of all Insureds. B. A single Retention amount shall apply to Damages, Claims Expenses, and Data Breach Expenses arising from all Claims alleging Interrelated Wrongful Acts. C. If different parts of a single Claim are subject to different Retentions, the applicable Retention shall be applied separately to each part of the Damages, Claim Expenses, and Data Breach Expenses, but the sum of such Retentions shall not exceed the largest applicable Retention. • Additional Insured—Pursuant to Contract Endorsement: Insured includes any client or customer of the named insured, but only if required by written contract for professional liability or errors and omissions insurance and for vicarious or imputed liability of such client or customer which results from wrongful acts committed solely by the Named Insured. • Data Breach expenses is amended to those reasonable and necessary expenses incurred by the Insured or which the Insured becomes legally obligated to pay. • Coverage is excess over any other valid and collectible insurance • Employment-related invasion of privacy but only as respects that part of any claim arising out of the loss of Personal Information which is otherwise covered under Insuring Agreement A • Amendment of Exclusion V. Intentional Failure to Disclose the loss of Personal Information in violation of any law or regulation to Specified Officers or organizational equivalents and their direct professional reports • Notice of Cancellation-60 Days Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 4 16 Colorado Counties Casualty and Property Pool Network Security and Privacy Liability Program for Members (Continued) Claims Made and Reported Policy ■ Additional Insuring Agreement and Data Breach Fund Sidecar Endorsement ■ Alternative Dispute Resolution Clause ■ Subrogation Clause ■ Representations Clause ■ Service of Suit Endorsement Extended Reporting Provisions: 12 Months, 100%of the Annual Premium Section V. EXTENDED REPORTING PERIODS If the Insurer terminates or does not renew this Policy(other than for failure to pay a premium when due), or if the Named Insured terminates or does not renew this Policy and does not obtain replacement coverage as of the effective date of such termination or nonrenewal, the Named Insured shall have the right, upon payment of the additional premium described below, to a continuation of the coverage granted by this Policy for at least one Extended Reporting Period as follows: A. Automatic Extended Reporting Period The Named Insured shall have continued coverage granted by this Policy for a period of 60 days following the effective date of such termination or nonrenewal, but only for Claims first made during such 60 days and arising from Wrongful Acts taking place prior to the effective date of such termination or nonrenewal. This Automatic Extended Reporting Period shall immediately expire upon the purchase of replacement coverage by the Named Insured. B. Optional Extended Reporting Period The Named Insured shall have the right, upon payment of the additional premium set forth in Item 8A of the Declarations, to an Optional Extended Reporting Period, for the period set forth in Item 8B of the Declarations following the effective date of such termination or nonrenewal, but only for Claims first made during such Optional Extended Reporting Period and arising from Wrongful Acts taking place prior to the effective date of such termination or nonrenewal. This right to continue coverage shall lapse unless written notice of such election is given by the Named Insured to the Insurer, and the Insurer receives payment of the additional premium within 60 days following the effective date of termination or nonrenewal. The first 60 days of the Optional Extended Reporting Period, if it becomes effective, shall run concurrently with the Automatic Extended Reporting Period. C. The Insurer shall give the Named Insured notice of the premium due for the Optional Extended Reporting Period as soon as practicable following the date the Named Insured gives such notice of such election, and such premium shall be paid by the Named Insured to the Insurer within 10 days following the date of such notice by the Insurer of the premium due. The Optional Extended Reporting Period is not cancelable and the entire premium for the Optional Extended Reporting Period shall be deemed fully earned and non-refundable upon payment. D. The Automatic and Optional Extended Reporting Periods shall be part of and not in addition to the Limit of Liability for the immediately preceding Policy Period. The Automatic and Optional Extended Reporting Periods shall not increase or reinstate the Limit of Liability, which shall be the maximum liability of the Insurer for the Policy Period and the Automatic and Optional Extended Reporting Period, combined. E. A change in Policy terms,conditions, exclusions and/or premiums shall not be considered a nonrenewal for purposes of triggering the rights to the Automatic or Optional Extended Reporting Period. Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 5 17 Colorado Counties Casualty and Property Pool Network Security and Privacy Liability Program for Members (Continued) Claims Made and Reported Policy Exclusions (including but not . Any known pending and prior litigation as of inception of policy limited to): . Bodily Injury(with exception)or Property Damage (with exception) • Wrongful Employment Practices • Claims resulting from wrongful acts taking place in countries listed on the Office of Foreign Assets and Control (OFAC) list(list located on the US Treasury web site— httpllwww.treas.govlofac) • ERISA • For breach of any express, implied, actual or constructive contract, warranty, guarantee, or promise, including any actual or alleged liability assumed by the Insured • Professional Services provided by any Insured to others • Wrongful Acts that occurred prior to effective date of policy • Any validity, invalidity, infringement,violation, or misappropriation of any Patent, trade secrets, copyright, service mark, trade name, trademark or other intellectual property of any third party • Failure, interruption, or outage to Internet access by the Internet Service Provider that hosts the Insured's website unless such infrastructure is under the insured's operational control • Insured's intentional failure to disclose the loss of Personal Information • Intentional Failure to Disclose Exclusion (intentional failure to disclose the loss of Personal Information in violation of any law or regulation) • Alleging, based upon, arising out of or attributable to any dishonest, fraudulent, criminal, or malicious act, error or omission, or any intentional or knowing violation of the law by an Insured. • False Claims Act • Terrorism Claim Incident Reporting As outlined in Section VIII.NOTICE of the Policy: Provisions: A. Any principal, partner, officer, director or organizational equivalent of an Insured shall, as a condition precedent to their rights under this Policy, give to the Insurer written notice of any Claim as soon as practicable, but in no event later than 30 days after the later of the end of the Policy Period, the Automatic Extended Reporting Period, or, if elected, the Optional Extended Reporting Period. B. If, during the Policy Period, any principal, partner, officer, director or organizational equivalent of an Insured becomes aware of any specific Wrongful Act which may reasonably give rise to a future Claim covered under this Policy, and if the Insureds give written notice to the Insurer during the Policy Period, the Automatic Extended Reporting Period, or, if elected, the Optional Extended Reporting Period of: 1. the identity of the potential claimants; 2. a description of the anticipated Wrongful Act allegations; 3. the identity of the Insureds allegedly involved; 4. the circumstances by which the Insureds first became aware of the Wrongful Act; 5. the consequences which have resulted or may result; and 6. the nature of the potential monetary damages; then any Claim which arises out of such Wrongful Act shall be deemed to have been first made at the time such written notice was received by the Insurer. No coverage is provided for fees,expenses and other costs incurred prior to the time such Wrongful Act results in a Claim • Notices shall be in writing and given by prepaid express courier or certified mail • Notice amended to add: Claim notices may also be transmitted via email to: ACE Clai m Fi rstNoti ce(c�Chubb.co m Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 6 18 Colorado Counties Casualty and Property Pool Network Security and Privacy Liability Program for Members (Continued) Claims Made and Reported Policy Report Claim or Wrongful Direct of Claims Act to: ACE USA P.O. Box 5105 Scranton, PA 18505-0518 Fax: 888-844-9073 E-Mail: ACECIaimFirstNotice@Chubb.com All other Notices: Chief Underwriting Officer ACE USA, professional Risk 1133 Avenue of the Americas, 32nd Floor New York, NY 10036 Contact County Technical Services, Inc. for assistance in claim reporting Per Member Limits and Retentions Retentions for All Insuring Insuring Agreements Limits Agreements (Each Claim) Privacy Liability $1,000,000 Per Member $25,000 for Members with Encryption (1) $1,000,000 Per Member Aggregate $50,000 for Members without Encryption Network Liability $1,000,000 Per Member $25,000 for Members with Encryption (1) $1,000,000 Per Member Aggregate $50,000 for Members without Encryption Internet Media Liability $1,000,000 Per Member $25,000 for Members with Encryption(1) $1,000,000 Per Member Aggregate $50,000 for Members without Encryption $1,000,000 Per Member $25,000 for Members with Encryption (1) Extortion Coverage $1,000,000 Per Member Aggregate $50,000 for Members without Encryption Regulatory Proceeding $500,000 Per Member $25,000 for Members with Encryption (1) $50,000 for Members without Encryption Digital Asset Loss $500,000 Per member $25,000 for Members with Encryption (1) $50,000 for Members without Encryption Business Interruption $500,000 Per Member $25,000 for Members with Encryption (1) $50,000 for Members without Encryption PCI Fines and Penalties $500,000 Per Member $25,000 for Members with Encryption (1) $50,000 for Members without Encryption Data Breach Expenses Fund—Side Car Data Breach Coach, Computer $500,000 Each member—Sidecar $25,000 for Members with Encryption (1) Forensics, Public Relations or $100,000 Standard—this applies if $50,000 for Members without Encryption Crisis Communications, Law Firm to member decides to use a Data Determine Insured's Breach Coach that is not approved $0 Retention applies to data breach Indemnification, Credit Monitoring, by the Company expenses if retaining the services of the etc. Data Breach Coach through Company (1) Members with $25,000 Retention: Alamosa,Archuleta, Chaffee, Clear Creek, Conejos, Crowley, Delta, Eagle, Garfield, Grand, Huerfano, Jackson, Kiowa, Kit Carson, Lake, La Plata, Montrose, Pueblo, Rio Grande, Routt, Saguache, San Miguel, Sedgwick, Summit,Weld. If other members will provide written confirmation that some form of encryption has been implemented, the Retention will be lowered mid-term to$25,000. Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 7 19 Colorado Counties Casualty and Property Pool Network Security and Privacy Liability Program for Members (Continued) Claims Made and Reported Policy Pool Aggregates Retentions for All Insuring Agreements Insuring Agreements Limits (Each Claim) Privacy Liability $5,000,000 As per Member Retentions listed above Network Liability $5,000,000 As per Member Retentions listed above Internet Media Liability $5,000,000 As per Member Retentions listed above Regulatory Proceeding $2,500,000 As per Member Retentions listed above Digital Asset Loss $2,500,000 As per Member Retentions listed above Business Interruption $2,500,000 As per Member Retentions listed above PCI Fines and Penalties $2,500,000 As per Member Retentions listed above Data Breach Expenses Fund—Side Car Data Breach Coach, Computer $2,500,000 As per Member Retentions listed above Forensics, Public Relations or $500,000 Standard-this applies if Crisis Communications, Law Firm to member decides to use a Data $0 Retention applies to data breach Determine Insured's Breach Coach that is not approved expenses if retaining the services of the Indemnification, Credit Monitoring, by the Company Data Breach Coach through Company etc. Maximum Policy Aggregate $5,000,000 Arthur J. Gallagher Risk Management Services,Inc. 2018 CAPP Network Liability Summary CAPP Summary Page 8 20 C H U B B' ACE Privacy Protection® Privacy & Network Liability Insurance Policy Declarations This Policy is issued by the stock insurance company listed above. THIS POLICY IS A CLAIMS MADE AND REPORTED POLICY. EXCEPT AS OTHERWISE PROVIDED HEREIN, THIS POLICY COVERS ONLY CLAIMS FIRST MADE AGAINST THE INSUREDS AND REPORTED TO THE INSURER DURING THE POLICY PERIOD OR EXTENDED REPORTING PERIOD, IF APPLICABLE, AND WHICH ARE THE RESULT OF WRONGFUL ACTS COMMITTED AFTER THE RETROACTIVE DATE BUT BEFORE THE END OF THE POLICY PERIOD. PLEASE READ THIS POLICY CAREFULLY. THE LIMITS OF LIABILITY AVAILABLE TO PAY INSURED DAMAGES SHALL BE REDUCED BY AMOUNTS INCURRED FOR CLAIMS EXPENSES. FURTHER NOTE THAT AMOUNTS INCURRED FOR DAMAGES AND CLAIMS EXPENSES SHALL BE APPLIED AGAINST THE RETENTION AMOUNT. TERMS THAT APPEAR IN BOLD FACE TYPE HAVE SPECIAL MEANING. PLEASE REFER TO SECTION II, DEFINITIONS. In the event of a Claim, or Potential Claim under Insuring Agreement B where urgent crisis management support is required, please contact: Data Breach Coach Hotline: 1 (800) 817-2665 or cyberalert@chubb.com Policy No. EON G25660328 005 Item 1. Named Insured: Colorado Counties Casualty and Property Pool Principal Address: 800 Grant Street Suite 400 Denver, CO 80203 Item 2. Policy Period: From 12:01 a.m. 01/01/2018 To 12:01 a.m. 01/01/2019 (Local time at the address shown in Item 1) Item 3. Insuring Agreements: A. Privacy Liability B. Data Breach Fund C. Network Security Liability D. Internet Media Liability E. Digital Asset Coverage F. Business Interruption Loss G. Network Extortion MS-472.4 i@AO)J Network Liability Policy CAPP Page 1 of 39 Page 1 of 3 Item 4. Limit of Liability (including Claims Expenses): A. Limit of Liability for Insuring Agreements: Each Claim Pool Aggregate A. Privacy Liability $1,000,000 $5,000,000 B. Data Breach Fund per member certificate $2,500,000 C. Network Security Liability $1,000,000 $5,000,000 D. Internet Media Liability $1,000,000 $5,000,000 E. Digital Asset Coverage $500,000 $2,500,000 F. Business Interruption Loss $500,000 $2,500,000 G. Network Extortion $1,000,000 $5,000,000 B. Regulatory Proceeding Sub-Limit of Liability $500,000 $2,500,000 C. Payment Card Loss Sub-Limit of Liability $500,000 $2,500,000 D. Maximum Policy Aggregate Limit of Liability: $5,000,000 Item 5. Retention: per member certificate each Claim for Coverages A per member certificate each Claim for Coverages B per member certificate each Claim for Coverages C per member certificate each Claim for Coverages D per member certificate each Claim for Coverages E per member certificate each Claim for Coverages F per member certificate each Claim for Coverages G Item 6. Notice to Insurer: A. Notice of Claim, Wrongful Act: Chubb P.O. Box 5105 Scranton, PA 18505-0518 Fax: 877-201-8787 Email address for submitting Management Liability Claims ACECIaimsFirstNotice@chubb.com B. All other notices: Chief Underwriting Officer Chubb—Financial Lines Attn: Chief Underwriting Officer 1133 Avenue of the Americas, 32nd Floor New York, NY 10036 Item 7. Policy Premium: $145,888 2018 CAPP Network Liability Policy CAPP Page 2 of 39 Item 8. Optional Extended Reporting Period: A. Additional Premium: 100% of Last Annual Policy B. Additional Period: Premium 12 Months Item 9. Retroactive Date: A. Privacy Liability 1/1/2014 B. Data Breach Fund 1/1/2014 C. Network Security Liability 1/1/2014 D. Internet Media Liability 1/1/2014 E. Digital Asset Coverage 1/1/2014 F. Business Interruption Loss 1/1/2014 G. Network Extortion 1/1/2018 IN WITNESS WHEREOF, the Insurer has caused this Policy to be countersigned by a duly authorized representative of the Insurer. DATE: 02/01/2018 Authorized Representative MS-47228 (02/16) Page 3 of 3 2018 CAPP Network Liability Policy CAPP Page 3 of 39 ACE American Insurance Company ACE Privacy Protectiorf Privacy and Network Liability Insurance Policy In consideration of the payment of the premium, in reliance upon the Application, and subject to the Declarations and the terms and conditions of this Policy, the Insureds and the Insurer agree as follows: INSURING AGREEMENTS A. Privacy Liability The Insurer will pay Damages and Claims Expenses by reason of a Claim first made against the Insured during the Policy Period and reported to the Insurer pursuant to Section VIII, Notice, for any Wrongful Acts taking place after the Retroactive Date and prior to the end of the Policy Period. B. Data Breach Fund The Insurer will pay Data Breach Expenses incurred by the Insured during the Policy Period by reason of a Claim reported to the Insurer pursuant to Section VIII, Notice, for any Wrongful Acts taking place after the Retroactive Date and prior to the end of the Policy Period. C. Network Security Liability The Insurer will pay Damages and Claims Expenses by reason of a Claim first made against the Insured during the Policy Period and reported to the Insurer pursuant to Section VIII, Notice, for any Wrongful Acts taking place after the Retroactive Date and prior to the end of the Policy Period. D. Internet Media Liability The Insurer will pay Damages and Claims Expenses of the Insured by reason of a Claim first made against the Insured during the Policy Period and reported to the Insurer pursuant to Section VIII, Notice, for any Wrongful Acts taking place after the Retroactive Date and prior to the end of the Policy Period. E. Digital Asset Coverage If Insuring Agreement E, Digital Asset Coverage, is purchased pursuant to Item 3 of the Declarations, the Insurer will pay the Digital Asset Loss incurred by the Insured resulting directly from a Claim which occurs during the Policy Period. F. Business Interruption Loss If Insuring Agreement F, Business Interruption Coverage, is purchased pursuant to Item 3 of the Declarations, the Insurer will pay the Income Loss and Extra Expense incurred by the Insured during the Period of Restoration resulting directly from a Claim reported to the Insured which occurs during the Policy Period. G. Network Extortion The Insurer will pay Extortion Expenses incurred by the Insured by reason of a Claim first made against the Insured and reported to the Insurer pursuant to Section VIII, Notice, for any Wrongful Acts taking place after the Retroactive Date and prior to the end of the Policy Period. II. DEFINITIONS When used in this Policy: A. Advertising means promotional material (including branding, co-branding, sponsorships and/or endorsements), publicly disseminated on the Insured's Website on behalf of the Named Insured. B. Application means all applications, including any attachments thereto, and all other information and materials submitted by or on behalf of the Insureds to the Insurer in connection with the Insurer 2018 CAPP Network Liability Policy CAPP Page 4 of 39 underwriting this Policy or any policy of which this Policy is a direct or indirect renewal or replacement. All such applications, attachments, information and materials are deemed attached to and incorporated into this Policy. C. Bank means an issuing or acquiring bank which processes Payment Card transactions. D. Bodily Injury means injury to the body, sickness, or disease, and death. Bodily Injury also means mental injury, mental anguish, mental tension, emotional distress, pain and suffering, or shock, whether or not resulting from injury to the body, sickness, disease or death of any person. However, Bodily Injury does not mean mental injury, mental anguish, mental tension, emotional distress, pain and suffering, or shock resulting from a Wrongful Act for which coverage is provided under Section I, Insuring Agreements A or D. E. Certified Act of Terrorism means an act that is certified by the Secretary of the Treasury, in concurrence with the Secretary of State and the Attorney General of the United States, to be an act of terrorism pursuant to the federal Terrorism Risk Insurance Act. The criteria contained in the Terrorism Risk Insurance Act for a Certified Act of Terrorism include the following: 1. The act resulted in insured losses in excess of $5 million in the aggregate, attributable to all types of insurance subject to the Terrorism Risk Insurance Act; and 2. The act is a violent act or an act that is dangerous to human life, property or infrastructure and is committed by an individual or individuals as part of an effort to coerce the civilian population of the United States or to influence the policy or affect the conduct of the United States Government by coercion. F. Claim means: 1. with respect to Insuring Agreements A and C: a. a written demand against any Insured for monetary or non-monetary damages; b. a civil proceeding against any Insured seeking monetary damages or non-monetary or injunctive relief, commenced by the service of a complaint or similar pleading; c. an arbitration proceeding against any Insured seeking monetary damages or non-monetary or injunctive relief; or d. a Regulatory Proceeding; 2. with respect to Insuring Agreement B, a written report by the Insured to the Insurer of a failure by the Insured or by an independent contractor for which the Insured is legally responsible to properly handle, manage, store, destroy or otherwise control Personal Information; including, where applicable, any appeal therefrom. 3. with respect to Insuring Agreement D: a. a written demand against any Insured for monetary or non-monetary damages; b. a civil proceeding against any Insured seeking monetary damages or non-monetary or injunctive relief, commenced by the service of a complaint or similar pleading; c. an arbitration proceeding against any Insured seeking monetary damages or non-monetary or injunctive relief; 4. with respect to Insuring Agreement E, a Network Security Failure; 5. with respect to Insuring Agreement F, an Interruption in Service; 6. with respect to Insuring Agreement G, a Network Extortion; G. Claims Expenses means: 1. reasonable and necessary attorneys' fees, expert witness fees and other fees and costs incurred by the Insurer, or by the Insured with the Insurer's prior written consent, in the investigation and defense of a covered Claim; and 2. reasonable and necessary premiums for any appeal bond, attachment bond or similar bond, 2018 CAPP Network Liability Policy CAPP Page 5 of 39 provided the Insurer shall have no obligation to apply for or furnish such bond. Claims Expenses shall not include wages, salaries, fees or costs of directors, officers or employees of the Insurer or the Insured. H. Computer System means computer hardware, software, firmware, and the data stored thereon, as well as associated input and output devices, data storage devices, networking equipment and Storage Area Network or other electronic data backup facilities. Consumer Redress Fund means a sum of money which the Insured is legally obligated to deposit in a fund as equitable relief for the payment of consumer claims due to an adverse judgment or settlement of a Regulatory Proceeding. Consumer Redress Fund shall not include any sums paid which constitute taxes, fines, penalties, injunctions or sanctions. J. Damages means compensatory damages, any award of prejudgment or post-judgment interest, and settlements which the Insured becomes legally obligated to pay on account of any Claim first made against any Insured during the Policy Period or, if elected, the Extended Reporting Period, for Wrongful Acts to which this Policy applies. Damages shall not include: 1. any amount for which the Insured is not financially liable or legally obligated to pay; 2. taxes, fines (except Regulatory Fines as noted below), penalties, or sanctions imposed against the Insured; 3. matters uninsurable under the laws pursuant to which this Policy is construed; 4. the cost to comply with any injunctive or other non-monetary or declaratory relief, including specific performance, or any agreement to provide such relief; 5. loss of fees or profits by the Insured, return of fees, commissions or royalties by the Insured, or re- performance of services by the Insured or under the Insured's supervision; 6. disgorgement of any profit, remuneration or financial advantage to which any Insured was not legally entitled; 7. Data Breach Expenses or any other forensic, notification, crisis management or credit monitoring expenses, unless (i) such expenses constitute compensatory damages of a direct settlement with the injured natural persons of a Claim for a Wrongful Act as defined in subparagraph 1.a.i of the definition of Wrongful Act, or (ii) solely with respect to coverage afforded under the Data Breach Fund Sidecar, unless such expenses constitute a direct settlement of a Regulatory Proceeding or compensatory damages of a direct settlement with the injured natural persons of a Claim for a Wrongful Act as defined in subparagraph 1.a.i of the definition of Wrongful Act; 8. liquidated damages pursuant to a contract, unless, even in the absence of such contract, the Insured would be liable for such damages as result of a Wrongful Act; 9. penalties of any nature, however denominated, arising by contract; and 10. any amounts other than those which compensate solely for a loss caused by a Wrongful Act. Damages includes punitive and exemplary damages to the extent such damages are insurable under the internal laws of the applicable jurisdiction that most favors coverage for such damages. With respect to Insuring Agreements A and C, Damages shall also include a Consumer Redress Fund and Regulatory Fines. Solely with respect to Insuring Agreements A and C, and subject to a Policy Pool Aggregate sub-limit of liability of $2.500.000 as reflected at Item 4 C of the Declarations and an Each Claim and Aggregate sublimit of liability for each Member of $250,000 as reflected at Item 4C of each Member Certificate, Damages also includes Payment Card Loss. This Payment Card Loss sub-limit of liability is part of, and not in addition to, the Each Claim and Aggregate Limits of Liability stated in Item 4 of the Declarations and of each Member Certificate, and shall in no way serve to increase such limits. K. Data Breach Coach means the law firm within the Data Breach Team designated for consultative and pre-litigation services provided to the Insured. L. Data Breach Expenses means: 1. solely with respect to the Standard Data Breach Fund, those reasonable and necessary expenses incurred by the Insured or which the Insured becomes legally obligated to pay: a. to retain third party computer forensics services to determine the scope or cause of a failure of Network Security or failure to properly handle, manage, store, destroy or otherwise control Personal Information; 2018 CAPP Network Liability Policy CAPP Page 6 of 39 b. to comply with Privacy Regulations, including but not limited to the consumer notification provisions of Privacy Regulations of the applicable jurisdiction that most favors coverage for such expenses; c. with the Insurer's prior written consent, to voluntarily notify individuals whose Personal Information has been wrongfully disclosed; d. in retaining the services of a public relations firm, crisis management firm or law firm for advertising or related communications solely for the purpose of protecting or restoring the Insured's reputation as a result of a Wrongful Act; e. to retain the services of a law firm solely to determine the Insured's indemnification rights under a written agreement with an independent contractor with respect to a Privacy Liability Wrongful Act actually or allegedly committed by such contractor; and f. for credit monitoring services, but only if such disclosure of Personal Information could result in the opening of an unauthorized line of credit or other financial account, or medical identity resolution services. 2. solely with respect to the Data Breach Fund Sidecar (and subject to the Data Breach Fund Sidecar Coverage Conditions section set forth in Section XII of the Policy), those reasonable and necessary expenses incurred by the Insured or which the Insured becomes legally obligated to pay: a. to retain the services of the Data Breach Coach, including but not limited to retaining such services for Regulatory Communications; b. to retain the services of a third party computer forensics firm to determine the cause and scope of a failure by the Insured, or by an independent contractor for whom the Insured is legally responsible, to properly handle, manage, store, destroy or otherwise control Personal Information; c. to comply with Privacy Regulations, including but not limited to: i. retaining the services of a law firm to determine the applicability and actions necessary to comply with Privacy Regulations, including but not limited to Regulatory Communications and drafting notification letters; ii. retaining the services of a notification service; and iii. retaining the services of a call center support service; For purposes of this subsection M2c, compliance with Privacy Regulations shall follow the law of the applicable jurisdiction that most favors coverage for such expenses; d. to retain the services of: i. a public relations or crisis communications firm; and ii. a notification service to voluntarily notify individuals whose Personal Information has been wrongfully disclosed or otherwise compromised; solely for the purpose of protecting or restoring the reputation of, or mitigating financial harm to, the Insured as a result of a Wrongful Act; e. to retain the services of a law firm solely to determine the Insured's indemnification rights under a written agreement with an independent contractor with respect to a Wrongful Act expressly covered under Insuring Agreement A of this Policy and actually or allegedly committed by such contractor; f. to retain the services of a licensed investigator or credit specialist to provide up to one year of fraud consultation to the individuals whose Personal Information has been wrongfully disclosed or otherwise compromised; g. with the Insurer's prior written consent, for credit monitoring, credit freezing, or fraud alert service expenses for those individuals who accept an offer made by or on behalf of the Insured for, and receive, credit monitoring, credit freezing or fraud alert service; and h. to retain the services of a third party identity restoration service for those individuals who are confirmed by a licensed investigator as victims of identity theft directly resulting from a Wrongful Act expressly covered under Insuring Agreement A of this Policy; 3. With respect to both the Standard Data Breach Fund and Data Breach Fund Sidecar, Data Breach Expenses shall not include: 2018 CAPP Network Liability Policy CAPP Page 7 of 39 a. costs or expenses incurred to update or otherwise improve privacy or network security controls, policies or procedures to a level beyond that which existed prior to the loss event or to be compliant with Privacy Regulations; b. taxes, fines, penalties, injunctions or sanctions; and c. regular or overtime wages, salaries or fees of the Insured. M. Data Breach Team means a list of approved service providers to provide legal, computer forensic, notification, call center, public relations, crisis communications, fraud consultation, credit monitoring, and identity restoration advice and services. The list of approved service providers is available at the eRisk Hub° website to the Named Insured via passcode. In the event of a breach, contact the Data Breach Coach as indicated on the Declarations. N. Digital Asset means software and data in electronic form which is stored on the Insured's Computer System. Digital Asset shall include the capacity of the Insured's Computer System to store information, process information, and broadcast information over the Internet. O. Digital Asset Loss means those reasonable and necessary costs incurred to replace, restore, or re- collect Digital Assets from written records or from partially or fully matching electronic data records due to their corruption or destruction caused by a Network Security Failure. This shall include disaster recovery or computer forensic investigation efforts; however, in the event that the Digital Assets cannot be replaced, restored or re-collected, Digital Asset Loss shall be limited to the reasonable and necessary costs incurred to reach this determination. Digital Asset Loss does not include: 1. costs or expenses incurred to update, replace, restore, or otherwise improve Digital Assets to a level beyond that which existed prior to the loss event; 2. costs or expenses incurred to identify or remediate software program errors or vulnerabilities, or costs to update, restore, replace, upgrade, update, maintain, or improve any Computer System; 3. costs incurred to research and develop Digital Assets, including Trade Secrets; 4. the economic or market value of Digital Assets, including Trade Secrets; or 5. any other consequential loss or damage P. Domestic Partner means any natural person qualifying as a domestic partner under the provisions of any applicable federal, state or local law or under the provisions of any formal program established by the Insured. Q. Extended Reporting Period means the period(s) for the extension of coverage, if applicable, described in Section V, Extended Reporting Periods. R. Extortion Expenses means reasonable and necessary expenses incurred by the Insured, with the Insurer's written consent, that directly result from a Network Extortion, including monies paid by the Insured to a person or persons reasonably believed to be responsible for a Network Extortion for the purposes of terminating that Network Extortion. S. Extra Expense means reasonable and necessary expenses incurred to mitigate, avoid or reduce an Interruption in Service, provided they are over and above expenses that the Insured would have incurred had there been no Interruption in Service. Extra Expense shall also include any expenses incurred by the Insured for the purpose of reducing the Period of Restoration, but solely to the extent such expenses are approved, in writing, by the Insurer before they are incurred. Extra Expense does not include: 1. costs of preventing a loss or correcting any deficiencies or problems with the Insured's Computer System that might cause or contribute to a Claim; or 2. penalties of any nature, however denominated, arising by contract. T. Income Loss means the net profit before taxes that the Insured does not realize due to an Interruption in Service, including fixed charges incurred by the Insured to the extent that such charges would have 2018 CAPP Network Liability Policy CAPP Page 8 of 39 been incurred had there been no Interruption in Service. Income Loss shall be calculated on an hourly basis based on net profit and shall apply only to that time period during which the Insured's Computer System is affected by an Interruption in Service. U. Insured means: 1. The Member; 2. Subsidiaries of the Member, but only with respect to Wrongful Acts which occur while they are a Subsidiary; 3. any past, present or future principal, partner, officer, director, trustee, employee, leased employee, or temporary employee of the Member or a Subsidiary, but only with respect to the commission of a Wrongful Act committed within the scope of such person's duties performed on behalf of the Member or such Subsidiary; and 4. independent contractors of the Member or of a Subsidiary who are natural persons, but only with respect to the commission of a Wrongful Act within the scope of such person's duties performed on behalf of the Member or such Subsidiary. V. Insured's Computer System means 1. Solely with respect to the coverage afforded under Insuring Agreements A, B, C, or D, a Computer System: a. leased, owned, or operated by the Insured; or b. operated for the benefit of the Insured by a third party service provider under written contract with the Insured. 2. Solely with respect to the coverage afforded under Insuring Agreements E or F, a Computer System: a. leased, owned, or operated by the Insured; or b. operated solely for the benefit of the Insured by a third party service provider under written contract with the Insured. W. Insurer means the insurance company providing this insurance. X. Internet means the worldwide public network of computers which enables the transmission of electronic data and which includes intranets, extranets and virtual private networks. Y. Internet Content means any data, text, sounds, images or similar matter disseminated electronically on the Insured's Website, including but not limited to Advertising. Internet Content shall not include the actual goods, products or services described, illustrated or displayed on the Insured's Website. Z. Internet Media means the electronic publishing, dissemination, releasing, gathering, transmission, production, webcasting, or other distribution of Internet Content on the Insured's Website on behalf of the Insured. AA. Interrelated Wrongful Acts means all Wrongful Acts by a Member that have as a common nexus any fact, circumstance, situation, event, transaction, cause or series of related facts, circumstances, situations, events, transactions or causes.\ BB. Interruption in Service means a detectable interruption or degradation in service or the failure of the Insured's Computer System caused by a Network Security Failure. CC. Member means the organization specified in Item 1 of the Declarations of the Member Certificate. DD. Mediation means a non-binding process in which a neutral panel or individual assists the parties in reaching a settlement agreement. To be considered Mediation under this Policy, the process must be as set forth in the Commercial Mediation Rules of the American Arbitration Association, or such other process as the Insurer may, at its sole option, approve. EE. Named Insured means the organization or natural person first specified in Item 1 of the Declarations. FF. Network Extortion means any credible threat or series of related threats directed at the Insured by anyone to: 2018 CAPP Network Liability Policy CAPP Page 9 of 39 1. release, divulge, disseminate, destroy or use the confidential information of a third party taken from the Insured as a result of unauthorized access to or unauthorized use of the Insured's Computer System; or 2. cause a failure of Network Security; GG. Network Security means those activities performed by the Insured, or by others on behalf of the Insured, to protect against unauthorized access to, unauthorized use of, a denial of service attack by a third party directed against, or transmission of unauthorized, corrupting or harmful software code to, the Insured's Computer System. HH. Payment Card means an account, or evidence of an account, authorized between a Payment Card Customer and Payment Card Brand, or representatives of a Payment Card Brand, including but limited to credit cards, debit cards, charge cards, fleet cards and stored value cards. II. Payment Card Brand means any payment provider whose payment method is accepted for processing, including but not limited to Visa, Inc., MasterCard Incorporated, Discover Financial Services, American Express Company, and JCB Company, Ltd. JJ. Payment Card Customer means the person or entity to whom a Payment Card is issued or who is otherwise authorized to use a Payment Card. KK. Payment Card Industry Data Security Standard means the rules, regulations, standards or guidelines adopted or required by the Payment Card Brands or the Payment Card Industry Data Security Standards Council relating to data security and the safeguarding, disclosure and handling of Payment Card Information. LL. Payment Card Information means nonpublic personal information relating to a Payment Card Customer in the Insured's care, custody or control, including but not limited to account number, expiration date, personal identification number, security code data, magnetic strip track data, and the Payment Card Customer's name, date of birth or zip code. MM. Payment Card Loss means a monetary assessment which the Insured becomes legally obligated to pay pursuant to a Payment Card Processing Agreement due to an Insured's non-compliance with the Payment Card Industry Data Security Standard resulting from the Insured's failure: 1. of Network Security, or 2. to properly handle, manage, store, destroy or otherwise control Payment Card Information. Payment Card Loss shall not include subsequent fines or assessments for continued noncompliance with the Payment Card Industry Data Security Standard. NN. Payment Card Processing Agreement means a valid and enforceable written agreement between the Insured and a Payment Card Brand or a Bank which regulates the Insured's performance of payment card processing services, cashless payment processing services, or services related thereto. OO. Period of Restoration means the continuous period of time that: 1. begins with the earliest date of an Interruption in Service; and 2. ends on the date when the Insured's Computer System is or could have been repaired or restored with reasonable speed to the same functionality and level of service that existed prior to the Interruption in Service. In no event shall the Period of Restoration exceed thirty (30) days. Period of Restoration does not include any increases in the period of time defined above due to the enforcement of any law, ordinance or regulation or due to the actions of strikers or due to any loss of any licenses. PP. Personal Information means: 1. an individual's name, social security number, medical or healthcare data, other protected health information, drivers license number, state identification number, credit card number, debit card number, address, telephone number, account number, account histories, or passwords; and 2. other nonpublic personal information as defined in Privacy Regulations; in any format. Personal Information shall not include information that is lawfully made available to the general public for any reason, including but not limited to information from federal, state or local 2018 CAPP Network Liability Policy CAPP Page 10 of 39 government records. QQ. Personal Injury means injury arising out of one or more of the following offenses: 1. false arrest, detention or imprisonment; 2. malicious prosecution; 3. libel, slander, or other defamatory or disparaging material; 4. publication or an utterance in violation of an individual's right to privacy; and 5. wrongful entry or eviction, or other invasion of the right to private occupancy. RR. Policy means, collectively, the Declarations, Application, this policy form and any endorsements. SS. Policy Period means the period of time specified in Item 2 of the Declarations, subject to any applicable prior termination pursuant to Section XIV, Termination of the Policy. TT. Privacy Regulations means the following statutes and regulations associated with the care, custody, control or use of personally identifiable financial, medical or other sensitive information: 1. Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and Health Information Technology for Economic and Clinical Health Act; 2. Gramm-Leach-Bliley Act of 1999; 3. the California Security Breach Notification Act (CA SB 1386) and Massachusetts 201 CMR 17; 4. Identity Theft Red Flags under the Fair and Accurate Credit Transactions Act of 2003; 5. Section 5(a) of the Federal Trade Commission Act, 15 U.S.C. § 45(a), but solely for alleged violations of unfair or deceptive acts or practices in or affecting commerce, and 6. other similar state, federal, and foreign identity theft and privacy protection legislation that requires commercial entities that collect Personal Information to post privacy policies, adopt specific privacy or security controls, or notify individuals in the event that Personal Information has potentially been compromised. UU. Property Damage means: 1. physical injury to, or loss or destruction of, tangible property, including the loss of use thereof; and 2. loss of use of tangible property which has not been physically injured, lost, damaged or destroyed. However, Property Damage does not mean physical injury to, loss or destruction of, or loss of use of intangible property, including data. VV. Regulatory Communications means those reasonable and necessary expenses incurred by the Insured to retain the services of a law firm to: 1. communicate with a government agency to determine the applicability and actions necessary to comply with Privacy Regulations; and 2. respond to a request for information or demand by a governmental agency alleging the violation of Privacy Regulations; as a result of a Wrongful Act as set forth in subsection DDD, numbered paragraph 2 of such definition. WW. Regulatory Fines means any civil monetary fine or penalty imposed by a federal, state, local or foreign governmental entity in such entity's regulatory or official capacity pursuant to its order under a Regulatory Proceeding or Regulatory Communications. Regulatory Fines shall not include any civil monetary fines or penalties that are not insurable by law, criminal fines, disgorgement of profits or multiple damages. XX. Regulatory Proceeding means a suit, civil investigation or civil proceeding by or on behalf of a government agency, commenced by a service of a complaint or similar pleading alleging the violation of Privacy Regulations as a result of the Insured's Wrongful Act, and which may reasonably be expected to give rise to a covered Claim under Insuring Agreements A or C of this Policy. YY. Retroactive Date means the date specified in Item 9 of the Declarations for the applicable Insuring Agreement. ZZ. Subsidiary means any entity that is not formed as a partnership or joint venture of which the Named Insured owns or has the right to vote more than 50% of the outstanding voting securities representing 2018 CAPP Network Liability Policy CAPP Page 11 of 39 the present right to vote for election of directors, or the managers or members of the board of managers or equivalent executives of a limited liability company, on or before the inception date of the Policy, either directly or indirectly, in any combination, by one or more other Subsidiaries. AAA. Trade Secret means information, including a formula, pattern, compilation, program, device, method, technique or process, that derives independent economic value, actual or potential, from not being generally known to or readily ascertainable by other persons who can obtain value from its disclosure or use, so long as reasonable efforts have been made to maintain its secrecy. BBB. Waiting Period means the number of hours specified in Item 10 of the Member Certificate Declarations. CCC. Website means the software, content and other materials accessible via the Internet at a designated Uniform Resource Locator address. DDD. Wrongful Act means any error, misstatement, misleading statement, act, omission, neglect, breach of duty, or Personal Injury offense actually or allegedly committed or attempted by any Insured, in their capacity as such, resulting in: 1. With respect only to Insuring Agreement A: a. the failure by the Insured or by an independent contractor for which the Insured is legally responsible to properly handle, manage, store, destroy or otherwise control: i. Personal Information; or ii. third party corporate information in any format provided to the Insured and specifically identified as confidential and protected under a nondisclosure agreement or similar contract with the Named Insured or Subsidiary; or b. an unintentional violation of the Insured's privacy policy that results in the violation of any Privacy Regulation. 2. With respect only to Insuring Agreement B, the failure by the Insured or by an independent contractor for which the Insured is legally responsible to properly handle, manage, store, destroy or otherwise control Personal Information. 3. With respect only to Insuring Agreement C, a failure of Network Security. 4. With respect only to Insuring Agreement D: a. product disparagement, trade libel, infliction of emotional distress, mental anguish, outrage or outrageous conduct; b. false light, public disclosure of private facts, or the intrusion and commercial appropriation of a name, persona or likeness; c. plagiarism, piracy (excluding patent infringement), or the misappropriation or unauthorized use of advertising ideas, advertising material, titles, literary or artistic formats, styles or performances; d. the infringement of copyright, domain name, trademark, trade name, trade dress, title or slogan, service mark, or service name; or e. negligence with respect to the Insured's creation or dissemination of Internet Content, but solely in the course of the Insured's Internet Media activities. 5. With respect only to Insuring Agreement G, a Network Extortion arising from a failure of a Network Security. EEE. Wrongful Employment Practices means any actual or alleged: 1. wrongful dismissal or discharge or termination of employment, whether actual or constructive; 2. employment-related misrepresentation; 3. violation of any federal, state, or local laws (whether common or statutory) concerning employment or discrimination in employment; 4. sexual harassment or other unlawful workplace harassment; 5. wrongful deprivation of a career opportunity or failure to employ or promote; 6. wrongful discipline of employees; 2018 CAPP Network Liability Policy CAPP Page 12 of 39 7. retaliation against employees for the exercise of any legally protected right or for engaging in any legally protected activity; 8. negligent evaluation of employees; 9. failure to adopt adequate workplace or employment policies and procedures; 10. employment-related libel, slander, or defamation; 11. employment-related invasion of privacy, except with respect to that part of any Claim arising out of the loss of Personal Information which is otherwise covered under Insuring Agreement A of this Policy; 12. employment-related wrongful infliction of emotional distress, except with respect to that part of any Claim arising out of the loss of Personal Information which is otherwise covered under Insuring Agreement A of this Policy; and 13. any actual or alleged discrimination, sexual harassment, or violation of a natural person's civil rights relating to such discrimination or sexual harassment, whether direct, indirect, intentional or unintentional. The foregoing definitions shall apply equally to the singular and plural forms of the respective words. III. EXCLUSIONS The Insurer shall not be liable for Damages, Claims Expenses, or Data Breach Expenses, Digital Asset Loss, Extra Expense, Extortion Expense, or Income Loss on account of any Claim: A. alleging, based upon, arising out of or attributable to any dishonest, fraudulent, criminal, or malicious act, error or omission, or any intentional or knowing violation of the law by an Insured. However, this exclusion shall not apply to Claims Expenses or the Insurer's duty to defend any such Claim until there is a judgment against, binding arbitration against, adverse admission by, finding of fact against, or plea of nolo contendere or no contest by the Insured, at which time the Insured shall reimburse the Insurer for any Claims Expenses paid by the Insurer. Solely with respect to the applicability of this exclusion under Insuring Agreements A and C, only facts pertaining to and knowledge possessed by any principal, partner, officer or director of an Insured shall be imputed to other Insureds. B. alleging, based upon, arising out of or attributable to any Bodily Injury or Property Damage. C. for breach of any express, implied, actual or constructive contract, warranty, guarantee, or promise, including any actual or alleged liability assumed by the Insured, unless such liability would have attached to the Insured even in the absence of such contract, warranty, guarantee, or promise. However, subject to the Payment Card Loss sublimit of liability stated in the definition of Damages, this exclusion shall not apply to that part of a Claim for a Payment Card Loss. D. brought or maintained by, on behalf of, or in the right of any Insured, or any other natural person or entity for whom or which an Insured is legally liable. However, this exclusion shall not apply to Wrongful Acts expressly covered under Section I, Insuring Agreement A. E. alleging, based upon, arising out of or attributable to any: 1. illegal discrimination of any kind; 2. humiliation, harassment or misconduct based upon, arising out of or related to any such discrimination; 3. Wrongful Employment Practices. F. alleging, based upon, arising out of or attributable to any price fixing, restraint of trade, monopolization, unfair trade practices or other violation of the Federal Trade Commission Act, the Sherman Anti-Trust Act, the Clayton Act, or any other federal statutory provision involving antitrust, monopoly, price fixing, price discrimination, predatory pricing or restraint of trade activities, and any amendments thereto or any rules or regulations promulgated thereunder or in connection with such statutes, or any similar provision of any federal, state, or local statutory law or common law anywhere in the world. However, with respect to a Wrongful Act expressly covered under Insuring Agreements A or C, this exclusion shall not apply to a Regulatory Proceeding or Consumer Redress Fund for that portion of Damages or Claims Expenses allocated to numbered paragraph 5 of Privacy Regulations. Furthermore, solely with respect to a Wrongful Act expressly covered under Insuring Agreement B, this exclusion shall not apply to Regulatory Communications. G. alleging, based upon, arising out of or attributable to any violation of the Employee Retirement Income Security Act of 1974, any rules or regulations promulgated thereunder, amendments thereto, or any 2018 CAPP Network Liability Policy CAPP Page 13 of 39 similar federal, state or common law. H. alleging, based upon, arising out of or attributable to the gaining in fact of any profit, remuneration or financial advantage to which any Insured was not legally entitled. However, this exclusion shall not apply to Claims Expenses or the Insurer's duty to defend any such Claim until there is a judgment against, binding arbitration against, adverse admission by, finding of fact against, or plea of nolo contendere or no contest by the Insured, at which time the Insured shall reimburse the Insurer for any Claims Expenses paid by the Insurer. Solely with respect to the applicability of this exclusion under Insuring Agreements A and C, only facts pertaining to and knowledge possessed by any principal, partner, officer or director of an Insured shall be imputed to other Insureds. alleging, based upon, arising out of or attributable to any fees, expenses, or costs paid to or charged by the Insured. J. alleging, based upon, arising out of or attributable to a Wrongful Act actually or allegedly committed prior to the beginning of the Policy Period if, on or before the earlier of the effective date of this Policy or the effective date of any Policy issued by the Insurer of which this Policy is a continuous renewal or a replacement, any principal, partner, officer, director or organizational equivalent of the Insured knew or reasonably could have foreseen that the Wrongful Act did or could lead to a Claim. K. alleging, based upon, arising out of, or attributable to: 1. any prior or pending litigation, Claims, demands, arbitration, administrative or regulatory proceeding or investigation which was filed or commenced against an Insured, and of which an Insured had notice, on or before the earlier of the effective date of this Policy or the effective date of any policy issued by the Insurer of which this Policy is a continuous renewal or a replacement, or alleging or derived from the same or substantially the same fact, circumstance or situation underlying or alleged therein: or 2. any other Wrongful Act whenever occurring which, together with a Wrongful Act underlying or alleged therein would constitute Interrelated Wrongful Acts. L. alleging, based upon, arising out of, or attributable to: 1. any Wrongful Act, fact, circumstance or situation which has been the subject of any written notice given under any other policy before the effective date of this Policy; or 2. any other Wrongful Act whenever occurring which, together with a Wrongful Act which has been the subject of such notice, would constitute Interrelated Wrongful Acts. M. alleging, based upon, arising out of or attributable to any electrical or mechanical failures or interruption, including but not limited to any electrical disturbance, surge, spike, brownout or blackout, and outages to gas, water, telephone, cable, satellite, telecommunications or other infrastructure. However, this exclusion shall not apply to failures, interruptions, disturbances or outages of telephone, cable or telecommunications infrastructure under the Insured's operational control which are a result of the Insured's Wrongful Act. N. alleging, based upon, arising out of or attributable to any failure, interruption, or outage to Internet access service provided by the Internet service provider that hosts the Insured's Website, unless such infrastructure is under the Insured's operational control. O. alleging, based upon, arising out of or attributable to fire, smoke, explosion, lightning, wind, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, act of God or any other physical event, however caused. P. alleging, based upon, arising out of or attributable to war, invasion, acts of foreign enemies, hostilities or warlike operations (whether war is declared or not), strike, lock-out, riot, civil war, rebellion, revolution, insurrection, civil commotion assuming the proportions of or amounting to an uprising, military or usurped power. O. alleging, based upon, arising out of or attributable to false, deceptive or unfair business practices, violation of consumer protection laws, or false or deceptive advertising. However, with respect to a Wrongful Act expressly covered under Insuring Agreements A or C, this exclusion shall not apply to a Regulatory Proceeding or Consumer Redress Fund for that portion of Damages or Claims Expenses allocated to numbered paragraph 5 of Privacy Regulations. Furthermore, solely with respect to a Wrongful Act expressly covered under Insuring Agreement B, this exclusion shall not apply to Regulatory Communications. R. alleging, based upon, arising out of or attributable to any validity, invalidity, infringement, violation or 2018 CAPP Network Liability Policy CAPP Page 14 of 39 misappropriation of any patent or Trade Secret by or on behalf of the Insured. S. alleging, based upon, arising out of or attributable to any validity, invalidity, infringement, violation or misappropriation of any copyright, service mark, trade name, trademark or other intellectual property of any third party, however, with respect to Insuring Agreement D, this exclusion shall not apply. T. alleging, based upon, arising out of or attributable to any unsolicited electronic dissemination of faxes, e- mails or other communications by or on behalf of the Insured to multiple actual or prospective customers of the Insured or any other third party, including but not limited to actions brought under the Telephone Consumer Protection Act, any federal or state anti-spam statutes, and/or any other federal or state statute, law or regulation relating to a person's or entity's right of seclusion. However, with respect to a Wrongful Act expressly covered under Insuring Agreement C, this exclusion shall not apply. U. alleging, based upon, arising out of or attributable to the unauthorized or surreptitious collection of Personal Information by the Insured or the failure to provide adequate notice that such information is being collected. Solely with respect to the applicability of this exclusion under Insuring Agreements A and C, only facts pertaining to and knowledge possessed by any principal, partner, officer or director of an Insured shall be imputed to other Insureds. V. alleging, based upon, arising out of or attributable to the Insured's intentional failure to disclose the loss of Personal Information in violation of any law or regulation. Solely with respect to the applicability of this exclusion under Insuring Agreements A and C, only facts pertaining to and knowledge possessed by any principal, partner, officer or director of an Insured shall be imputed to other Insureds. W. alleging, based upon, arising out of or attributable to sections 605 and 616 of the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., or any other similar federal or statutory provisions. X. alleging, based upon, arising out of or attributable to the rendering of or the failure to render professional services by any Insured to others. Y. Solely with respect to Insuring Agreement D, the Internet Media Liability Insuring Agreement, the Insurer shall not be liable for Damages, Claims Expenses, or Data Breach Expenses, Digital Asset Loss, Extra Expense, Extortion Expense or Income Loss on account of any Claim alleging, based upon, arising out of or attributable to any action brought by or on behalf of the Federal Trade Commission, the Federal Communications Commission, or any other federal, state, or local government agency or ASCAP, SESAC, BMI or other licensing or rights organizations in such entity's regulatory, quasi-regulatory, or official capacity, function or duty. Z. Solely with respect to Insuring Agreements E and F, the Insurer shall not be liable for Damages, Claims Expenses, or Data Breach Expenses, Digital Asset Loss, Extra Expense, Extortion Expense or Income Loss on account of any Claim: • alleging, based upon, arising out of, or attributable to the ordinary wear and tear or gradual deterioration of Digital Assets, including any data processing media; • alleging, based upon, arising out of, or attributable to any action of a public or governmental authority, including the seizure, confiscation or destruction of the Insured's Computer Systems or the Insured's Digital Assets; • alleging, based upon, arising out of, or attributable to any transmission of unauthorized, corrupting or harmful software code, distributed attacks, viruses, worms or malware which is self propagating; • alleging, based upon, arising out of, or attributable to any operator error, software error, faulty instruction, unintentional programming error, or failure in project planning; • alleging, based upon, arising out of, or attributable to any accounts, bills, evidences of debt, money, valuable papers, records, abstracts, deeds, manuscripts or other documents, except as they have been converted to data processing media form, and then only in that form; • for loss or damage caused directly or indirectly by a Certified Act of Terrorism. Such loss or damage is excluded regardless of any other cause or event that contributes concurrently or in any sequence to the loss. 2018 CAPP Network Liability Policy CAPP Page 15 of 39 IV. ESTATES, LEGAL REPRESENTATIVES AND SPOUSES The estates, heirs, legal representatives, assigns, spouses and Domestic Partners of Insureds shall be considered Insureds under this Policy, but coverage is afforded to such estates, heirs, legal representatives, assigns, spouses and Domestic Partners only for a Claim arising solely out of their status as such and, in the case of a spouse or Domestic Partner, where the Claim seeks damages from marital community property, jointly held property or property transferred from the Insured to the spouse or Domestic Partner. No coverage is provided for any Wrongful Act of an estate, heir, legal representative, assign, spouse or Domestic Partner. All of the terms and conditions of this Policy including, without limitation, the Retention shown in Item 5 of the Declarations applicable to Damages, Claims Expenses, Digital Asset Loss, Extra Expense, Extortion Expense, Income Loss, or Data Breach Expenses incurred by Insureds, shall also apply to Damages, Claims Expenses, Digital Asset Loss, Extra Expense, Extortion Expense, Income Loss or Data Breach Expenses incurred by such estates, heirs, legal representatives, assigns, spouses and Domestic Partners. V. EXTENDED REPORTING PERIODS If the Insurer terminates or does not renew this Policy (other than for failure to pay a premium when due), or if the Named Insured terminates or does not renew this Policy and does not obtain replacement coverage as of the effective date of such termination or nonrenewal, the Named Insured shall have the right, upon payment of the additional premium described below, to a continuation of the coverage granted by this Policy for at least one Extended Reporting Period as follows: A. Automatic Extended Reporting Period The Named Insured shall have continued coverage granted by this Policy for a period of 60 days following the effective date of such termination or nonrenewal, but only for Claims first made during such 60 days and arising from Wrongful Acts taking place prior to the effective date of such termination or nonrenewal. This Automatic Extended Reporting Period shall immediately expire upon the purchase of replacement coverage by the Named Insured. B. Optional Extended Reporting Period The Named Insured shall have the right, upon payment of the additional premium set forth in Item 8A of the Declarations, to an Optional Extended Reporting Period, for the period set forth in Item 8B of the Declarations following the effective date of such termination or nonrenewal, but only for Claims first made during such Optional Extended Reporting Period and arising from Wrongful Acts taking place prior to the effective date of such termination or nonrenewal. This right to continue coverage shall lapse unless written notice of such election is given by the Named Insured to the Insurer, and the Insurer receives payment of the additional premium within 60 days following the effective date of termination or nonrenewal. The first 60 days of the Optional Extended Reporting Period, if it becomes effective, shall run concurrently with the Automatic Extended Reporting Period. C. The Insurer shall give the Named Insured notice of the premium due for the Optional Extended Reporting Period as soon as practicable following the date the Named Insured gives such notice of such election, and such premium shall be paid by the Named Insured to the Insurer within 10 days following the date of such notice by the Insurer of the premium due. The Optional Extended Reporting Period is not cancelable and the entire premium for the Optional Extended Reporting Period shall be deemed fully earned and non-refundable upon payment. D. The Automatic and Optional Extended Reporting Periods shall be part of and not in addition to the Limit of Liability for the immediately preceding Policy Period. The Automatic and Optional Extended Reporting Periods shall not increase or reinstate the Limit of Liability, which shall be the maximum liability of the Insurer for the Policy Period and the Automatic and Optional Extended Reporting Period, combined. E. A change in Policy terms, conditions, exclusions and/or premiums shall not be considered a nonrenewal for purposes of triggering the rights to the Automatic or Optional Extended Reporting Period. VI. LIMITS OF LIABILITY Regardless of the number of Insuring Agreements purchased under this Policy, Insureds against whom Claims are brought, Claims made or persons or entities making Claims: 2018 CAPP Network Liability Policy CAPP Page 16 of 39 A. Pool Program Limit of Liability for Insuring Agreements: 1. With respect to Insuring Agreements A, C, and D: a. the Each Claim Limit of Liability stated in Item 4A of the Declarations is the Insurer's maximum liability under the applicable Insuring Agreement for the sum of all Damages and all Claims Expenses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. b. the Aggregate Limit of Liability as stated in Item 4A of the Declarations is the Insurer's maximum liability under the applicable Insuring Agreement for the sum of all Damages and all Claims Expenses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. c. Notwithstanding subparagraphs a and b of this section 1 immediately above: (1) the Each Claim Regulatory Proceeding Sub-Limit of Liability stated in Item 4B of the Declarations is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages and all Claims Expenses incurred because of each Regulatory Proceeding Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (2) the Aggregate Regulatory Proceeding Sub-Limit of Liability stated in Item 4B of the Declarations is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages and all Claims Expenses incurred because all Regulatory Proceeding Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (3) the Regulatory Proceeding Sub-Limit of Liability shall be part of and not in addition to the otherwise applicable Each Claim and Aggregate Limits of Liability stated in Items 4A or 4D of the Declarations and will not increase the Insurer's Limit of Liability as provided therein. (4) the Each Claim Regulatory Proceeding Sub-Limit of Liability and Aggregate Regulatory Proceeding Sub-Limit of Liability stated in Item 4B of the Declarations shall not apply to that portion of Damages which are allocated to the Consumer Redress Fund. d. Notwithstanding subparagraphs a and b of this section 1 above: (1) the Each Claim Payment Card Loss Sub-Limit of Liability stated in Item 4C of the Declarations is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages incurred because of each Payment Card Loss Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (2) the Aggregate Payment Card Loss Sub-Limit of Liability stated in Item 4C of the Declarations is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages and all Claims Expenses incurred because all Payment Card Loss Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (3) the Payment Card Loss Sub-Limit of Liability shall be part of and not in addition to the otherwise applicable Each Claim and Aggregate Limits of Liability stated in Items 4A or 4D of the Declarations and will not increase the Insurer's Limit of Liability as provided therein. 2. With respect to Insuring Agreement B: a. the Each Claim Limit of Liability as stated in Item 4A of the Declarations is the Insurer's maximum liability under Insuring Agreement B for the sum of all Data Breach Expenses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. b. the Aggregate Limit of Liability stated in Item 4A of the Declarations is the Insurer's maximum liability under Insuring Agreement B for the sum of all Data Breach Expenses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 2018 CAPP Network Liability Policy CAPP Page 17 of 39 3. With respect to Insuring Agreement E: a. the Each Claim Limit of Liability stated in Item 4A of the Declarations for Insuring Agreement E is the Insurer's maximum liability under that Insuring Agreement for the sum of all Digital Asset Losses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. b. the Aggregate Limit of Liability stated in Item 4A of the Declarations for Insuring Agreement E is the Insurer's maximum liability under that Insuring Agreement for the sum of all Digital Asset Losses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 4. With respect to Insuring Agreements F: a. the Each Claim Limit of Liability stated in Item 4A of the Declarations for Insuring Agreement F is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extra Expenses and Income Losses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. b. the Aggregate Limit of Liability stated in Item 4A of the Declarations for Insuring Agreement F is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extra Expenses and Income Losses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 5. With respect to Insuring Agreement G: a. the Each Claim Limit of Liability stated in Item 4A of the Declarations for Insuring Agreement G is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extortion Expenses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period; b. the Aggregate Limit of Liability stated in Item 4A of the Declarations for Insuring Agreement G is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extortion Expenses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 6. All Claims arising out of the same Wrongful Act and all Interrelated Wrongful Acts of the Insureds shall be deemed to be one Claim, and such Claim shall be deemed to be first made on the date the earliest of such Claims is first made, regardless of whether such date is before or during the Policy Period. 7. Claims Expenses and Data Breach Expenses, and Extortion Expenses shall be part of and not in addition to the applicable Aggregate Limits of Liability stated in Item 4A or 4D of the Declarations, and shall reduce such Aggregate Limits of Liability. If the applicable Limit of Liability is exhausted by payment of Damages, Claims Expenses, Data Breach Expenses or Extortion Expenses, the obligations of the Insurer under this Policy shall be completely fulfilled and extinguished. The Insurer is entitled to pay Damages, Claims Expenses, Data Breach Expenses and Extortion Expenses as they become due and payable by the Insureds, without consideration of other future payment obligations. B. Pool Program Maximum Policy Aggregate Limit of Liability The Maximum Policy Aggregate Limits of Liability stated in Items 4A and 4D of the Policy Declarations is the Insurer's maximum liability under all Insuring Agreements for the sum of all Damages, all Claims Expenses, all Digital Asset Loss, all Extortion Expense, all Extra Expense, all Income Loss, and all Data Breach Expenses because of all Claims under this Policy, regardless of the number of Members involved in any such Claim(s). However, the foregoing shall not apply to Data Breach Expenses provided under the Data Breach Fund Sidecar. C. All Claims arising out of the same Wrongful Act and all Interrelated Wrongful Acts of the Insureds shall be deemed to be one Claim, and such Claim shall be deemed to be first made on the date the earliest of such Claims is first made, regardless of whether such date is before or during the Policy Period. All Damages, Claims Expenses, Digital Asset Loss, Extortion Expense, Extra Expense, Income Loss, and Data Breach Expenses resulting from a single Claim shall be deemed, respectively, a single Damage, Claims Expense, Digital Asset Loss, Extortion Expense, Extra Expense, Income Loss, or Data Breach Expense. 2018 CAPP Network Liability Policy CAPP Page 18 of 39 D. Damages, Claims Expenses, Digital Asset Loss, Extortion Expense, Extra Expense, Income Loss and Data Breach Expenses shall be part of and not in addition to the applicable Limit(s) of Liability shown in Item 4 of the Declarations, and shall reduce such Limit(s) of Liability. If the Limit(s) of Liability are exhausted by payment of Damages, Claims Expenses, Digital Asset Loss, Extortion Expense, Extra Expense, Income Loss or Data Breach Expenses, the obligations of the Insurer under this Policy shall be completely fulfilled and extinguished. E. With respect to the Member stated in Item 1 of the Member Certificate, the Limits of Liability are follows: 1. With respect to Insuring Agreements A, C, and D: a. The Each Claim Limit of Liability stated in Item 4A of the Member Certificate is the Insurer's maximum liability for the sum of all Damages and all Claims Expenses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. b. The Aggregate Limit of Liability stated in Item 4A of the Member Certificate is the Insurer's maximum liability for the sum of all Damages and Claims Expenses because of all Claims, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. c. Notwithstanding paragraphs a and b of this section 1 immediately above: (1) the Each Claim Regulatory Proceeding Sub-Limit of Liability stated in Item 4B of the Member Certificate is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages and all Claims Expenses incurred because of each Regulatory Proceeding Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (2) the Aggregate Regulatory Proceeding Sub-Limit of Liability stated in Item 4B of the Member Certificate is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages and all Claims Expenses incurred because all Regulatory Proceeding Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (3) the Regulatory Proceeding Sub-Limit of Liability shall be part of and not in addition to the otherwise applicable Each Claim and Aggregate Limits of Liability stated in Items 4A or 4D of the Member Certificate and will not increase the Insurer's Limit of Liability as provided therein. (4) the Each Claim Regulatory Proceeding Sub-Limit of Liability and Aggregate Regulatory Proceeding Sub-Limit of Liability stated in Item 4B of the Member Certificate shall not apply to that portion of Damages which are allocated to the Consumer Redress Fund. b. Notwithstanding paragraphs a and b of this section 1 above: (1) Subject to the maximum the Each Claim Payment Card Loss Sub-Limit of Liability stated in Item 4C of the Member Certificate is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages incurred because of each Payment Card Loss Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (2) the Aggregate Payment Card Loss Sub-Limit of Liability stated in Item 4C of the of the Member Certificate is the Insurer's maximum liability under Insuring Agreements A and C for the sum of all Damages and all Claims Expenses incurred because all Payment Card Loss Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. (3) the Payment Card Loss Sub-Limit of Liability shall be part of and not in addition to the otherwise applicable Each Claim and Aggregate Limits of Liability stated in Items 4A or 4D of the of the Member Certificate and will not increase the Insurer's Limit of Liability as provided therein. 2018 CAPP Network Liability Policy CAPP Page 19 of 39 2. With respect to Insuring Agreement B: a. As respects the Limits of Liability for the Standard Data Breach Fund: i. The Each Claim Limit of Liability stated in Item 4ABa of the Member Certificate is the Insurer's maximum liability under the Data Breach Fund Insuring Agreement for the sum of those Data Breach Expenses set forth in paragraph 1 of such definition, Standard Data Breach Fund, because of each Claim, including each Claim alleging Interrelated Wrongful Acts, first made and reported during the Policy Period. ii. The Aggregate Limit of Liability stated in Item 4ABa of the Member Certificate is the Insurer's maximum liability under the Data Breach Fund Insuring Agreement for the sum of those Data Breach Expenses set forth in paragraph 1 of such definition, Standard Data Breach Fund, because of all Claims combined in the aggregate, including all Claims alleging Interrelated Wrongful Acts, first made and reported during the Policy Period. b. As respects the Limits of Liability for the Data Breach Fund Sidecar: i.The Each Claim Limit of Liability as stated in Item 4ABb of the Member Certificate is the Insurer's maximum liability under Insuring Agreement B for the sum of all Data Breach Expenses provided under the Data Breach Fund Sidecar because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. ii.The Aggregate Limit of Liability stated in Item 4ABb of the Declarations of the Member Certificate is the Insurer's maximum liability under Insuring Agreement B for the sum of all Data Breach Expenses provided under the Data Breach Fund Sidecar because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. iii.The Each Claim and Aggregate Limits of Liability stated in Item 4AB shall be in addition to, and not part of, the Maximum Policy Aggregate Limit of Liability set forth in Item 4C of the Declarations to the Policy or the Maximum Member Certificate Aggregate Limit of Liability set forth in Item 4D of the Member Certificate. 3. With respect to Insuring Agreement D: a. the Each Claim Limit of Liability stated in Item 4A of the Member Certificate for Insuring Agreement D is the Insurer's maximum liability under that Insuring Agreement for the sum of all Damages and all Claims Expenses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. b. the Aggregate Limit of Liability as stated in Item 4A of the Member Certificate for Insuring Agreement D is the Insurer's maximum liability under that Insuring Agreement for the sum of all Damages and all Claims Expenses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 4. With respect to Insuring Agreement E: c. the Each Claim Limit of Liability stated in Item 4A of the Member Certificate for Insuring Agreement E is the Insurer's maximum liability under that Insuring Agreement for the sum of all Digital Asset Losses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. d. the Aggregate Limit of Liability stated in Item 4A of the Member Certificate for Insuring Agreement E is the Insurer's maximum liability under that Insuring Agreement for the sum of all Digital Asset Losses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 5. With respect to Insuring Agreement F: a. the Each Claim Limit of Liability stated in Item 4A of the Member Certificate for Insuring Agreements F is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extra Expenses and Income Losses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 2018 CAPP Network Liability Policy CAPP Page 20 of 39 b. the Aggregate Limit of Liability stated in Item 4A of the Member Certificate for Insuring Agreements F is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extra Expenses and Income Losses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 6. With respect to Insuring Agreement G: a. the Each Claim Limit of Liability stated in Item 4A of the Member Certificate for Insuring Agreement G is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extortion Expenses because of each Claim, including each Claim alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. b. the Aggregate Limit of Liability stated in Item 4A of the Member Certificate for Insuring Agreement G is the Insurer's maximum liability under that Insuring Agreement for the sum of all Extortion Expenses because of all Claims combined in the aggregate, including all Claims alleging any Interrelated Wrongful Acts, first made and reported during the Policy Period. 7. Claims Expenses, Digital Asset Loss, Extortion Expense, Extra Expense, and Income Loss, shall be part of and not in addition to the applicable Aggregate Limits of Liability stated in Item 4 of the Member Certificate and of the Policy Declarations, and shall reduce such Aggregate Limits of Liability. 8. Except those Data Breach Expenses provided under the Data Breach Fund Sidecar, Data Breach Expenses shall be part of and not in addition to the applicable Aggregate Limits of Liability set forth in Item 4AB and 4D of of the Member Certificate and of the Policy Declarations. 9. If the applicable Limit of Liability is exhausted by payment of Damages, Claims Expenses, Data Breach Expenses, Digital Asset Loss, Extortion Expense, Extra Expense, or Income Loss, the obligations of the Insurer under this Policy shall be completely fulfilled and extinguished. The Insurer is entitled to pay Damages, Claims Expenses, Data Breach Expenses, Digital Asset Loss, Extortion Expense, Extra Expense, or Income Loss, as they become due and payable by the Insureds, without consideration of other future payment obligations. 10. Any payment of Data Breach Expenses under the Standard Data Breach Fund shall erode the Each Claim and Aggregate Limits for the Data Breach Fund Sidecar stated in Item 4AB of the Member Certificate and shall also simultaneously erode the Limits of Liability in Item 4AB and 4D as set forth in the Policy Declarations. Any payment of Data Breach Expenses provided under the Data Breach Fund Sidecar shall erode the Each Claim and Aggregate Limits of Liability set forth in Item 4AB of the Policy Declarations. In no event shall the Limits of Liability pursuant to a Member Certificate, and the Limits of Liability stated in the Policy Declarations be stacked or added together. 11. For any single Claim, the Insured may elect to utilize Data Breach Expenses as originally defined in the Policy or Data Breach Expenses provided under the Data Breach Fund Sidecar (subject to the Data Breach Team Coverage Conditions set forth Section XXII). In no event shall both the Data Breach Expenses, as defined in subsection L1 for the Standard Data Breach Fund, and the Data Breach Expenses provided under the Data Breach Fund Sidecar as defined in subsection M2 be applied to the same Claim. 12. In the event the Aggregate limit as originally set forth in the Declarations under Item 4AB is exhausted, the Insurer shall have no further obligation to pay Data Breach Expenses, except to the extent that the Insured is in full compliance with the terms of this Policy, in which case the then-remaining Limits of Liability for the Data Breach Fund Sidecar shall apply. VII. RETENTION A. The liability of the Insurer shall apply only to that part of Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss and Data Breach Expenses which are in excess of the applicable Retention amount shown in Item 5 of the Declarations. Such Retention shall be borne uninsured by the Named Insured and at the risk of all Insureds. B. A single Retention amount shall apply to Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss and Data Breach Expenses arising from all Claims alleging Interrelated Wrongful Acts. 2018 CAPP Network Liability Policy CAPP Page 21 of 39 C. If different parts of a single Claim are subject to different Retentions, the applicable Retention shall be applied separately to each part of the Damages, Claim Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss and Data Breach Expenses, but the sum of such Retentions shall not exceed the largest applicable Retention. D. With respect to Insuring Agreements F, the Insurer will pay the actual Income Loss and Extra Expense incurred by the Insured: 1. once the Waiting Period shown in Item 10 of the Declarations on the Member Certificate has expired; and 2. which are in excess of the applicable Retention amount shown in Item 5 of the Declarations. All Retention amounts shall be computed as of the start of the Interruption in Service. E. Any amounts paid by the Insurer or the Insured solely for that portion of Data Breach Expenses incurred for Regulatory Communications, shall simultaneously erode the applicable Retention set forth in Item 5 of the Declarations for a Regulatory Proceeding under Insuring Agreements A or C. VIII. NOTICE A. Any principal, partner, officer, director or organizational equivalent of an Insured shall, as a condition precedent to their rights under this Policy, give to the Insurer written notice of any Claim as soon as practicable, but in no event later than 30 days after the later of the end of the Policy Period, the Automatic Extended Reporting Period, or, if elected, the Optional Extended Reporting Period. B. If, during the Policy Period, any principal, partner, officer, director or organizational equivalent of an Insured becomes aware of any specific Wrongful Act which may reasonably give rise to a future Claim covered under this Policy, and if the Insureds give written notice to the Insurer during the Policy Period, the Automatic Extended Reporting Period, or, if elected, the Optional Extended Reporting Period of: 1. the identity of the potential claimants; 2. a description of the anticipated Wrongful Act allegations; 3. the identity of the Insureds allegedly involved; 4. the circumstances by which the Insureds first became aware of the Wrongful Act; 5. the consequences which have resulted or may result; and 6. the nature of the potential monetary damages; then any Claim which arises out of such Wrongful Act shall be deemed to have been first made at the time such written notice was received by the Insurer. No coverage is provided for fees, expenses and other costs incurred prior to the time such Wrongful Act results in a Claim. C. All notices under any provision of this Policy shall be in writing and given by prepaid express courier or certified mail properly addressed to the appropriate party. Notice to the Insureds may be given to the Named Insured at the address shown in Item 1 of the Declarations. Notice to the Insurer of any Claim or Wrongful Act shall be given to the Insurer at the address set forth in Item 6A of the Declarations. All other notices to the Insurer under this Policy shall be given to the Insurer at the address set forth in Item 6B of the Declarations. Notice given as described above shall be deemed to be received and effective upon actual receipt thereof by the addressee, or one day following the date such notice is sent, whichever is earlier. D. No notice that may be given during the Policy Period under section VIII, Notice, at subsection B may be given during the Extended Reporting Periods, if elected. IX. DEFENSE AND SETTLEMENT A. Except as provided in Section IX, subsection B below, the Insurer shall have the right and duty to defend any covered Claim brought against the Insured even if such Claim is groundless, false or fraudulent. The Insured shall not: 1. admit or assume liability without the prior written consent of the Insurer; 2. settle or negotiate to settle any Claim unless such settlement fully resolves such Claim within the applicable Retention; or 3. incur any Claims Expenses, Extortion Expenses or Data Breach Expenses (as defined in Section II, subsection L1c or L2g of this Policy)".without the prior written consent of the Insurer, and the Insurer shall have the right to appoint counsel and to make such investigation and defense of a covered Claim as it deems necessary. 2018 CAPP Network Liability Policy CAPP Page 22 of 39 B. The Insurer shall have the right, but not the duty, to defend any Regulatory Proceeding. For such Claims the Insured shall select defense counsel from the Insurer's list of approved law firms, and the Insurer reserves the right to associate in the defense of such Claims. C. The Insurer shall not settle any Claim without the written consent of the Named Insured. If the Named Insured refuses to consent to a settlement or a compromise recommended by the Insurer and acceptable to the claimant, then the Insurer's Limit of Liability under this Policy with respect to such Claim shall be reduced to the amount of Damages for which the Claim could have been settled plus all Claims Expenses incurred up to the time the Insurer made its recommendation to the Named Insured, which amount shall not exceed that portion of any applicable Aggregate Limit of Liability that remains unexhausted by payment of Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss, or Data Breach Expenses or by any combination thereof. D. The Insurer shall not be obligated to investigate, defend, pay or settle, or continue to investigate, defend, pay or settle any Claim after any applicable Limit of Liability specified in Item 4 of the Declarations has been exhausted by payment of Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss or Data Breach Expenses, or by any combination thereof, or after the Insurer has deposited the remainder of any unexhausted applicable Limit of Liability into a court of competent jurisdiction. In either such case, the Insurer shall have the right to withdraw from the further investigation, defense, payment or settlement of such Claim by tendering control of such Claim to the Insured. E. The Insured shall cooperate with the Insurer, and provide to the Insurer all information and assistance which the Insurer reasonably requests including but not limited to attending hearings, depositions and trials and assistance in effecting settlements, securing and giving evidence, obtaining the attendance of witnesses and conducting the defense of any Claim covered by this Policy. The Insured shall do nothing that may prejudice the Insurer's position. The Insureds shall immediately forward to the Insurer, at the address indicated in Item 6A of the Declarations, every demand, notice, summons, or other process or pleading received by the Insured or its representatives. F. It is agreed that, except with respect to that part of Data Breach Expenses set forth in Section II, subsections L1 c or L2g of this Policy.of this Policy, the Insured has the right to incur Data Breach Expenses without the Insurer's prior consent, however, the Insurer shall, at its sole discretion and in good faith, reimburse the Insured only for such expenses that the Insurer deems to be reasonable and necessary. X. ALLOCATION A. If Damages, in part, covered by this Policy and, in part, not covered by this Policy, are incurred on account of a single Claim for which the Insurer retains the duty to defend, the Policy will pay one hundred percent (100%) of reasonable and necessary Claims Expenses incurred in the defense of such Claims. B. Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, and Income Loss incurred by the Insured on account of any Claim for which the Insurer does not retain the duty to defend shall be allocated between covered and uncovered loss based on the relative legal and financial exposures of the parties and loss at issue. XI. OTHER INSURANCE If any Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss or Data Breach Expenses covered under this Policy are covered under any other valid and collectible insurance, then this Policy shall cover such Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss or Data Breach Expenses, subject to the Policy terms and conditions, only to the extent that the amount of such Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss or Data Breach Expenses are in excess of the amount of such other insurance whether such other insurance is stated to be primary, contributory, excess, contingent or otherwise, unless such other insurance is written only as specific excess insurance over the Limits of Liability provided by this Policy. XII. MATERIAL CHANGES IN CONDITIONS A. Acquisition or Creation of Another Organization If, during the Policy Period, the Named Insured: 2018 CAPP Network Liability Policy CAPP Page 23 of 39 1. acquires voting securities in another organization or creates another organization, which as a result of such acquisition or creation becomes a Subsidiary; or 2. acquires any organization by merger into or consolidation with the Named Insured; then, subject to the terms and conditions of this Policy, such organization shall be covered under this Policy but only with respect to Claims for Wrongful Acts taking place after such acquisition or creation, unless the Insurer agrees to provide coverage by endorsement for Wrongful Acts taking place prior to such acquisition or creation. If the total assets of such acquired organization, as reflected in the then most recent consolidated financial statements of the organization, exceeds 10% of the total assets of the Named Insured and the Subsidiaries as reflected in the then most recent consolidated financial statements of the Named Insured, the Named Insured, as a condition precedent to coverage with respect to such Insureds, shall, no later than 60 days after the effective date of such acquisition or creation: 1. give written notice of such acquisition or creation to the Insurer; 2. pay any additional premium required by the Insurer; and 3. agree to any additional terms and conditions of this Policy as required by the Insurer. B. Acquisition of the Named Insured If, during the Policy Period, any of the following events occurs: 1. the acquisition of the Named Insured, or of all or substantially all of its assets, by another entity, or the merger or consolidation of the Named Insured into or with another entity such that the Named Insured is not the surviving entity; or 2. the obtaining by any person, entity or affiliated group of persons or entities of the right to elect, appoint or designate at least 50% of the directors of the Named Insured; then coverage under this Policy will continue in full force and effect until termination of this Policy, but only with respect to Claims for Wrongful Acts taking place before such event. Coverage under this Policy will cease as of the effective date of such event with respect to Claims for Wrongful Acts taking place after such event. This Policy may not be cancelled after the effective time of the event, and the entire premium for this Policy shall be deemed earned as of such time. C. Termination of a Subsidiary If before or during the Policy Period an organization ceases to be a Subsidiary, coverage with respect to such organization and its employees shall continue until termination of this Policy. Such coverage continuation shall apply only with respect to Claims for Wrongful Acts taking place prior to the date such organization ceased to be a Subsidiary. XIII. REPRESENTATIONS A. The Insureds represent and acknowledge that the statements and information contained in the Application, including all information provided concerning network security policies and procedures, information management policies and procedures, and business continuity plans and policies, are true and accurate and: 1. are the basis of this Policy and are to be considered as incorporated into and constituting a part of this Policy: and 2. shall be deemed material to the acceptance of this risk or the hazard assumed by the Insurer under this Policy. B. It is understood and agreed that: 1.this Policy is issued in reliance upon the truth and accuracy of such representations; 2.the Insureds have and will provide accurate information with regard to loss control audits and network security assessments as required by the Insurer; and 3.if such representations or such information are not true, accurate and complete, this Policy shall be null and void in its entirety and the Insurer shall have no liability hereunder. C. Solely with respect to the applicability of Section XIII, Representations of the Policy, only facts pertaining to and knowledge possessed by the person(s) who signed the Application or any principal, partner, officer, director or organizational equivalent of an Insured shall be imputed to other Insureds. 2018 CAPP Network Liability Policy CAPP Page 24 of 39 XIV. TERMINATION OF THE POLICY A. This Policy shall terminate at the earliest of the following times: 1. the effective date of termination specified in a prior written notice by the Named Insured to the Insurer; 2. 30 days after receipt by the Named Insured of a written notice of termination from the Insurer; 3. 10 days after receipt by the Named Insured of a written notice of termination from the Insurer for failure to pay a premium when due, unless the premium is paid within such 10 day period; 4. upon expiration of the Policy Period as set forth in Item 2 of the Declarations; or 5. at such other time as may be agreed upon by the Insurer and the Named Insured. B. If the Policy is terminated by the Named Insured, the Insurer shall refund the unearned premium computed at the customary short rate. If the Policy is terminated by the Insurer, the Insurer shall refund the unearned premium computed pro rata. Payment or tender of any unearned premium by the Insurer shall not be a condition precedent to the effectiveness of such termination, but such payment shall be made as soon as practicable. XV. TERRITORY AND VALUATION A. Coverage provided under this Policy shall extend to Wrongful Acts and Claims taking place, brought or maintained anywhere in the world. B. All premiums, limits, retentions, Damages, Claims Expenses, Digital Asset Loss, Extortion Expenses, Extra Expense, Income Loss, Data Breach Expenses, and any other amounts under this Policy are expressed and payable in the currency of the United States of America. If judgment is rendered, settlement is denominated or another element of loss under this Policy is stated in a currency other than United States of America dollars, payment under this Policy shall be made in United States dollars at the applicable rate of exchange as published in The Wall Street Journal as of the date the final judgment is reached, the amount of the settlement is agreed upon or the other element of loss is due, respectively, or, if not published on such date, the next date of publication of The Wall Street Journal. XVI. SUBROGATION In the event of any payment under this Policy, the Insurer shall be subrogated to the extent of such payment to all the rights of recovery of the Insureds. The Insureds shall execute all papers required and shall do everything necessary to secure and preserve such rights, including the execution of such documents necessary to enable the Insurer effectively to bring suit or otherwise pursue subrogation rights in the name of the Insureds. XVII. ACTION AGAINST THE INSURER AND BANKRUPTCY Except as provided in Section XX, Alternative Dispute Resolution, no action shall lie against the Insurer. No person or organization shall have any right under this Policy to join the Insurer as a party to any action against any Insured to determine the liability of the Insured nor shall the Insurer be impleaded by any Insured or its legal representatives. Bankruptcy or insolvency of any Insured or of the estate of any Insured shall not relieve the Insurer of its obligations nor deprive the Insurer of its rights or defenses under this Policy. XVIII. AUTHORIZATION CLAUSE By acceptance of this Policy, the Named Insured agrees to act on behalf of all Insureds with respect to the giving of notice of Claim, the giving or receiving of notice of termination or non renewal, the payment of premiums, the receiving of any premiums that may become due under this Policy, the agreement to and acceptance of endorsements, consenting to any settlement, exercising the right to the Extended Reporting Period, and the giving or receiving of any other notice provided for in this Policy, and all Insureds agree that the Named Insured shall so act on their behalf. XIX. ALTERATION, ASSIGNMENT AND HEADINGS A. Notice to any agent or knowledge possessed by any agent or by any other person shall not affect a waiver or a change in any part of this Policy nor prevent the Insurer from asserting any right under the terms of this Policy. 2018 CAPP Network Liability Policy CAPP Page 25 of 39 B. No change in, modification of, or assignment of interest under this Policy shall be effective except when made by a written endorsement to this Policy which is signed by an authorized representative of the Insurer. C. The titles and headings to the various parts, sections, subsections and endorsements of the Policy are included solely for ease of reference and do not in any way limit, expand or otherwise affect the provisions of such parts, sections, subsections or endorsements. XX. ALTERNATIVE DISPUTE RESOLUTION The Insureds and the Insurer shall submit any dispute or controversy arising out of or relating to this Policy or the breach, termination or invalidity thereof to the alternative dispute resolution ("ADR") process set forth in this Section. Either an Insured or the Insurer may elect the type of ADR process discussed below; provided, however, that the Insured shall have the right to reject the choice by the Insurer of the type of ADR process at any time prior to its commencement, in which case the choice by the Insured of ADR process shall control. There shall be two choices of ADR process: (1) non-binding Mediation administered by any Mediation facility to which the Insurer and the Insured mutually agree, in which the Insured and the Insurer shall try in good faith to settle the dispute by Mediation in accordance with the then-prevailing commercial Mediation rules of the Mediation facility; or (2) arbitration submitted to any arbitration facility to which the Insured and the Insurer mutually agree, in which the arbitration panel shall consist of three disinterested individuals. In either Mediation or arbitration, the mediator or arbitrators shall have knowledge of the legal, corporate management, or insurance issues relevant to the matters in dispute. In the event of arbitration, the decision of the arbitrators shall be final and binding and provided to both parties, and the award of the arbitrators shall not include attorneys' fees or other costs. In the event of Mediation, either party shall have the right to commence a judicial proceeding; provided, however, that no such judicial proceeding shall be commenced until at least 60 days after the date the Mediation shall be deemed concluded or terminated. In all events, each party shall share equally the expenses of the ADR process. Either ADR process may be commenced in New York, New York or in the state indicated in Item 1 of the Declarations as the principal address of the Named Insured. The Named Insured shall act on behalf of each and every Insured in connection with any ADR process under this Section. XXI. INTERPRETATION The terms and conditions of this Policy shall be interpreted and construed in an evenhanded fashion as between the parties. If the language of this Policy is deemed to be ambiguous or otherwise unclear, the issue shall be resolved in the manner most consistent with the relevant terms and conditions, without regard to authorship of the language, without any presumption or arbitrary interpretation or construction in favor of either the Insureds or the Insurer and without reference to the reasonable expectations of either the Insureds or the Insurer. XXII. DATA BREACH FUND SIDECAR COVERAGE CONDITIONS A. It is agreed that the Insured is entitled to the coverage and limits available under the Data Breach Fund Sidecar if the following conditions precedent are met: 1. the Insured must select only service providers from the Data Breach Team; or 2. the Insurer permits the Insured to retain alternative services providers as set forth in subsection B directly below. The Insurer may, at its sole discretion as evidenced by the Insurer's prior written approval on or before the effective date of this Policy, permit the Insured to retain alternative service providers to provide services comparable to the services offered by the Data Breach Team; provided, however, B. the maximum rate the Insurer will pay for Data Breach Expenses shall be no more than the rates outlined in the ACE Data Breach Team Panel Guidelines for such services. C. If, during the Policy Period, any one of the following occurs: i. any of the Data Breach Team service providers is unable to or does not provide the services covered under Data Breach Expenses; or ii. there is a change of law or regulation that prevents service providers selected exclusively from the Data Breach Team from providing the legal, computer forensic, notification, call center, public relations, crisis communications, fraud consultation, credit monitoring, and identity restoration advice and services sought by the Insured; 2018 CAPP Network Liability Policy CAPP Page 26 of 39 then the Insurer may, at its sole discretion as evidenced by the Insurer's prior written approval, permit the Insured to retain alternative service providers to provide services comparable to the services offered by the Data Breach Team; provided, however, the maximum rate the Insurer will pay for Data Breach Expenses shall be no more than the rates outlined in the ACE Data Breach Team Panel Guidelines for such services. D. The Insurer may, in its sole and good faith discretion, require the use of the Data Breach Coach by the Insured with respect to any Claim or potential Claim. XXIII. DATA BREACH TEAM COVERAGE DISCLAIMERS The Insured is under no obligation to contract for services with Data Breach Team service providers, in which case, except as stated below, the Policy terms relating to the Data Breach Fund Sidecar, shall not apply. The Insurer shall not be a party to any agreement entered into between any Data Breach Team service provider and the Insured. It is understood that Data Breach Team service providers are independent contractors, and are not agents of the Insurer. The Insured agrees that the Insurer assumes no liability arising out of any services rendered by a Data Breach Team service provider. The Insurer shall not be entitled to any rights or subject to any obligations or liabilities set forth in any agreement entered into between any Data Breach Team service provider and the Insured. Any rights and obligations with respect to such agreement, including but limited to billings, fees and services rendered, are solely for the benefit of, and borne solely by such Data Breach Team service provider and the Insured, and not the Insurer. The Insurer has no obligation to provide any of the legal, computer forensic, notification, call center, public relations, crisis communications, fraud consultation, credit monitoring, and identity restoration advice and services provided by the Data Breach Team. The Insured's failure to comply with any one or more of the preceding requirements will preclude coverage under the Data Breach Fund Sidecar provisions and the Data Breach Fund Sidecar terms, conditions and limits of liability shall not apply. In such event, only the Standard Data Breach Fund, terms, conditions and limits of liability shall apply and be available to the Insured 2018 CAPP Network Liability Policy CAPP Page 27 of 39 SIGNATURES Named Insured Endorsement Number Colorado Counties Casualty and Property Pool 1 Policy Symbol PolicyNumber Policy Period Effective Date of Endorsement EON G25660328 005 01/01/2018 to 01/01/2019 01/01/2018 Issued By(Name of Insurance Company) ACE American Insurance Company THE ONLY SIGNATURES APPLICABLE TO THIS POLICY ARE THOSE REPRESENTING THE COMPANY NAMED ON THE FIRST PAGE OF THE DECLARATIONS. By signing and delivering the policy to you, we state that it is a valid contract. INDEMNITY INSURANCE COMPANY OF NORTH AMERICA (A stock company) BANKERS STANDARD FIRE AND MARINE COMPANY (A stock company) BANKERS STANDARD INSURANCE COMPANY (A stock company) ACE AMERICAN INSURANCE COMPANY (A stock company) ACE PROPERTY AND CASUALTY INSURANCE COMPANY (A stock company) INSURANCE COMPANY OF NORTH AMERICA(A stock company) PACIFIC EMPLOYERS INSURANCE COMPANY (A stock company) ACE FIRE UNDERWRITERS INSURANCE COMPANY (A stock company) WESTCHESTER FIRE INSURANCE COMPANY (A stock company) 436 Walnut Street, P.O. Box 1000, Philadelphia, Pennsylvania 19106-3703 P-OW, REBECCA L COLLINS,Secretary Authorized Representative Chubb.insured:' CC-1 K11 h (03/14) 2018 CAPP Network Liability Policy CAPP Page 28 of 39 THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. Named Insured EndorsementNumber Colorado Counties Casualty and Property Pool 2 Policy Symbol PolicyNumber Policy Period Effective Date of Endorsement EON G25660328 005 01/01/2018 to 01/01/2019 01/01/2018 Issued By(Name of Insurance Company) ACE American Insurance Company Notice Amended It is agreed that the Notice section of the Policy is amended by adding the following: Notwithstanding anything in this section to the contrary, written Claim notices may also be transmitted via email to the following address: ACECIaimsFirstNotice@chubbgroup.com All other terms and conditions of this Policy remain unchanged. Authorized Representative PF-33468 (02/11) Page 1 of 1 2018 CAPP Network Liability Policy CAPP Page 29 of 39 TRADE OR ECONOMIC SANCTIONS ENDORSEMENT Named Insured EndorsementNumber Colorado Counties Casualty and Property Pool 3 Policy Symbol PolicyNumber PolicyPeriod Effective Date of Endorsement EON G25660328 005 01/01/2018 to 01/01/2019 01/01/2018 Issued By(Name of Insurance Company) ACE American Insurance Company THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. This insurance does not apply to the extent that trade or economic sanctions or similar laws or regulations prohibit us from providing insurance, including, but not limited to, the payment of claims. All other terms and conditions of policy remain unchanged. Authorized Agent PF-46422 (07/15) Page 1 of 1 2018 CAPP Network Liability Policy CAPP Page 30 of 39 THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. Named Insured EndorsementNumber Colorado Counties Casualty and Property Pool 4 PolicySymbol PolicyNumber Policy Period Effective Date of Endorsement EON G25660328 005 01/01/2017 to 01/01/2018 01/01/2017 Issued By(Name of Insurance Company) ACE American Insurance Company False Claims Act Exclusion It is agreed that Exclusions section of the Policy is amended by adding the following additional exclusion: alleging, based upon, arising out of, or attributable to, or directly or indirectly resulting from the False Claims Act (31 U.S.C. §§ 3729-3733), or any similar provision of any federal, state, local or foreign law, or any amendments thereto; All other terms and conditions of this Policy remain unchanged. Authorized Representative PF-38981 (01/13) Page 1 of 1 2018 CAPP Network Liability Policy CAPP Page 31 of 39 THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. Named Insured EndorsementNumber Colorado Counties Casualty and Property Pool 5 PolicySymbol Policy Number PolicyPeriod Effective Date of Endorsement EON G25660328 005 01/01/2018 to 01/01/2019 01/01/2018 Issued By(Name of Insurance Company) ACE American Insurance Company Privacy Enhancement Endorsement This endorsement modifies insurance provided under the following: ACE Privacy Protection Privacy and Network Liability Insurance Policy It is agreed that the Policy is amended as follows: 1. Item 8 of the Declarations is deleted and the following is inserted: Item 8. Optional Extended Reporting Period: A. Additional Premium: B. Additional Period: 100% of Annual Premium 12 months 150% of Annual Premium 24 months 200% of Annual Premium 36 months 2. Section II, Definitions, is amended as follows: a. Solely with respect to Data Breach Expenses resulting from Subsection EE.1.a.ii of the Definitions section, Subsection H, the definition of Data Breach Expenses is deleted in its entirety and replaced with the following: H. Data Breach Expenses means those reasonable and necessary expenses incurred by the Insured or which the Insured becomes legally obligated to pay to retain third party computer forensics services to determine the scope of a failure of Network Security; b. Subsection K, the definition of Insured, is amended by adding the following provisions: Insured also means any client or customer of the Named Insured or Subsidiary, but only if a written contract entered into by the Named Insured or Subsidiary specifically requires that such client or customer be added as an additional Insured for privacy protection and network liability insurance, and only for Claims (i) first made on or after the effective date of this endorsement and (ii) for vicarious or imputed liability of such client or customer which results from Wrongful Acts committed solely by the Named Insured or Subsidiary. The Policy will not provide coverage for any Wrongful Act committed by such client or customer referenced above which is added to this Policy as an additional Insured. Insured also means an entity formed as a joint venture or partnership, but solely with respect to the Named Insured's ownership interest in such entity. c. Subsection EE, the definition of Wrongful Act, is amended as follows: i. Numbered paragraph 1.a.ii. is amended by deleting the phrase "and specifically identified as confidential"; ii. Numbered paragraph 1.b is deleted in its entirety and replaced with the following: b. an unintentional violation by the Insured of any Privacy Regulation, including but not limited to the unintentional wrongful collection of Personal Information by the Insured; PF-46286 (06/15) ©2015 Page 1 of 4 2018 CAPP Network Liability Policy CAPP Page 32 of 39 iii. Numbered paragraph 2 is deleted in its entirety and replaced with the following: 2. With respect only to Insuring Agreement B, the failure by the Insured or by an independent contractor for which the Insured is legally responsible to properly handle, manage, store, destroy or otherwise control: a. Personal Information; or b. third party corporate information in any format provided to the Insured and protected under a nondisclosure agreement or similar contract with the Named Insured or Subsidiary; 3. Section III, Exclusions, is amended as follows: a. Exclusion A is deleted in its entirety and replaced with the following exclusion: alleging, based upon, arising out of or attributable to any dishonest, fraudulent, criminal, or malicious act, error or omission, or any intentional or knowing violation of the law by an Insured. However, this exclusion shall not apply until there is a final judgment against, binding arbitration against, adverse admission by, finding of fact against, or plea of nolo contendere or no contest by the Insured, or other final adjudication against the Insured in the underlying action that includes a determination that such conduct occurred. Solely with respect to the applicability of this exclusion under Insuring Agreements A, B, and C, only facts pertaining to and knowledge possessed by the Named Insured's Chief Executive Officer, Chief Technology Officer, Chief Information Officer, Chief Financial Officer, General Counsel, Risk Manager, or organizational equivalents of an Insured shall be imputed to other Insureds. b. Exclusion C is deleted in its entirety and replaced with the following exclusion: C. for breach of any express, implied, actual or constructive contract, warranty, guarantee, or promise, including any actual or alleged liability assumed by the Insured, unless such liability would have attached to the Insured even in the absence of such contract, warranty, guarantee, or promise. Solely with respect to Insuring Agreement A, Privacy Liability, this exclusion shall not apply to the Insured's contractual obligation to maintain the confidentiality or security of third party personal or corporate information to the extent coverage is otherwise afforded under Insuring Agreement A, Privacy Liability. c. Exclusion D is amended by inserting the following provision: In addition, solely with respect to Claims asserted by such client or customer referenced above in the amended definition of Subsection K, Insured, alleging, based upon, arising out of, or attributable to Wrongful Acts for which coverage is afforded under Insuring Agreement A, this exclusion shall not apply. d. Exclusion G is amended by inserting the following at the end thereof: However, solely with respect to that portion of a Claim alleging a Wrongful Act expressly covered under Insuring Agreement A, this exclusion shall not apply. e. Exclusion H is deleted in its entirety and replaced with the following exclusion: H. alleging, based upon, arising out of or attributable to the gaining in fact of any profit, remuneration or financial advantage to which any Insured was not legally entitled. However, this exclusion shall not apply until there is a final judgment against, binding arbitration against, adverse admission by, finding of fact against, or plea of nolo contendere or no contest by the Insured, or other final adjudication against the Insured in the underlying action that includes a determination that such conduct occurred. Solely with respect to the applicability of this exclusion under Insuring Agreements A and C, only facts pertaining to and knowledge possessed by the Named Insured's Chief Executive Officer, Chief Technology Officer, Chief Information Officer, Chief Financial Officer, General Counsel, Risk Manager, or organizational equivalents of an Insured shall be imputed to other Insureds. f. Exclusion J is amended by deleting the phrase "any principal, partner, officer, director or organizational equivalent of the Insured knew or reasonably could have foreseen that the Wrongful Act did or could lead to a Claim", and inserting in its place the phrase: "the Named Insured's Chief Executive Officer, Chief Technology Officer, President, General Counsel, Risk Manager, Managing Partner, Equity Partner PF-46286 (06/15) ©2015 Page 2 of 4 2018 CAPP Network Liability Policy CAPP Page 33 of 39 or organizational equivalents knew or reasonably could have foreseen that the Wrongful Act did or could lead to a Claim." g. Exclusion K is amended at numbered paragraph 1 by deleting the phrase "and of which an Insured had notice," and inserting in its place the phrase: "and of which the Named Insured's Chief Executive Officer, Chief Technology Officer, President, General Counsel, Risk Manager, Managing Partner, Equity Partner or organizational equivalents had notice,". h. Exclusions R and S are amended by inserting the following sentence at the end thereof: Furthermore, solely with respect to the actual or alleged misappropriation of a Trade Secret, or other intellectual property of any third party, this exclusion shall not apply to a Wrongful Act as set forth in section II, Definitions, subsection EE, paragraph 1.a.ii. i. Exclusion X is amended by inserting the following provision at the end thereof: However, with respect to a Wrongful Act expressly covered under Insuring Agreements A, B, C, this exclusion shall not apply. 4. Section VIII, Notice, is amended as follows: a. Subsection A is amended by deleting the phrase "30 days" and inserting the phrase "60 days" in its place. b. The phrase "principal, partner, officer, director or organizational equivalent of an Insured" is deleted from subsection A, line one and from subsection B, lines one and two, and the following phrase is inserted in its place: "Named Insured's Chief Executive Officer, Chief Financial Officer, Chief Technology Officer, Chief Information Officer, General Counsel, Risk Manager, or organizational equivalents". c. The following provision is added: In addition to the foregoing, notice to the Insurer of any Claim or Wrongful Act may be given to the Insurer via electronic mail at the address shown in Item 6 of the Declarations. 5. Section IX, Defense and Settlement, is amended by deleting subsection C in its entirety and inserting the following: C. The Insurer shall not settle any Claim without the written consent of the Named Insured. If the Named Insured refuses to consent to a settlement or a compromise recommended by the Insurer and acceptable to the claimant, then the Insurer's Limit of Liability under this Policy with respect to such Claim shall be reduced to (i) the amount of Damages for which the Claim could have been settled plus all Claims Expenses incurred up to the time the Insurer made its recommendation to the Named Insured, plus (ii) 50% of all subsequent covered Damages and Claims Expenses in excess of such amount referenced in (i), the remaining 50% of which shall be borne by the Insureds uninsured and at their own risk. However, this subsection does not apply to any potential settlement that is within the Retention. 6. Section XII, Material Changes In Conditions, subsection A, is amended by deleting the phrase "exceeds 10% of the total assets" and inserting the phrase "exceeds 20% of the total revenues", and deleting the phrase "60 days" and inserting the phrase "90 days" in its place. 7. Section XIII, Representations, is amended as follows: a. Subsection B is amended by deleting numbered paragraph 3 in its entirety and inserting the following: 3. in the event the Application, including materials submitted or required to be submitted therewith, contains any misrepresentation or omission made with the intent to deceive or which materially affects either the acceptance of the risk or hazard assumed by the Insurer under this Policy, this Policy shall be void ab initio as to any Insured who knew the facts misrepresented or the omissions, whether or not such person knew of the Application or this Policy. For purposes of this section, only facts pertaining to and knowledge possessed by the Named Insured's Chief Executive Officer, Chief Financial Officer, Chief Technology Officer, Chief Information Officer, General Counsel, Risk Manager, or organizational equivalents shall be imputed to all Insureds. The knowledge of an PF-46286 (06/15) ©2015 Page 3 of 4 2018 CAPP Network Liability Policy CAPP Page 34 of 39 Insured, other than the aforementioned officers or employees, shall not be imputed to any other Insured. b. Subsection C is deleted. 8. Section XIV, Termination of the Policy, is amended as follows: a. Subsection A is deleted in its entirety and replaced with the following: A. This Policy shall terminate at the earliest of the following times: 1. 10 days after receipt by the Named Insured of a written notice of termination from the Insurer for failure to pay a premium when due, unless the premium is paid within such 10 day period; or 2. upon expiration of the Policy Period as shown in Item 2 of the Declarations; b. The phrase "at the customary short rate" is deleted from the first sentence of subsection B and replaced with the phrase "pro rata". All other terms and conditions of this Policy remain unchanged. Authorized Representative PF-46286 (06/15) ©2015 Page 4 of 4 2018 CAPP Network Liability Policy CAPP Page 35 of 39 Access to eRisk Hub® Notice to Policyholders This Policyholder Notice shall be construed as part of your policy but no coverage is provided by this Policyholder Notice nor can it be construed to replace any provisions of your policy. You should read your policy and review your Declarations page for complete information on the coverages you are provided. This Notice provides information concerning access to the eRisk Hub®, a private web-based loss prevention portal to help policyholders manage cyber risk. Founded and managed by NetDiligence , a leading network security and e-risk assessment services company, the eRisk Hub is a private, web-based portal containing information and technical resources that can assist you in the prevention of network and privacy losses and support you in the timely reporting and recovery if an incident occurs. The eRisk Hub portal is an internet-based service that features news, content and access to leading practitioners in risk management, computer forensics, forensic accounting, crisis communications, legal counsel, and other highly-specialized segments of cyber risk. Please note the following: 1. The eRisk Hub portal is private and secure. Do not share portal access instructions with anyone outside your organization. You are responsible for maintaining the confidentiality of the Chubb Access Code provided to you. 2. The eRisk Hub portal is for Chubb clients only. Up to three individuals from your organization may register and use the portal. Ideal candidates include your company's Risk Manager, Compliance Manager, Privacy Officer, IT Operations Manager, or Legal Counsel. 3. The eRisk Hub portal contains a directory of experienced providers of cyber risk management and breach recovery services. Chubb does not endorse these companies or their respective services. Before you engage any of these companies, we urge you to conduct your own due diligence to ensure the companies and their services meet your needs. Unless otherwise indicated or approved, payment for services provided by these companies is your responsibility. 4. Should you experience a data breach event, you may choose to call the Data Breach Coach Hotline listed in the portal for immediate triage assistance. Please be aware that the hotline service is provided by a third-party law firm. If you engage this service, it is billable to you at the standard rate per hour outlined in the Chubb Data Breach Team Panel Guidelines. Therefore, calling the hotline does NOT satisfy the claim notification requirements of your policy. To register for the eRisk Hub: 1. Send an e-mail request to https://acecyberrisk.com https//acecyberrisk.com including the following information to obtain a copy of your Chubb Access Code to the eRisk Hub: a. Your Name (up to three individuals from you organization may register and use the portal) b. Your Title c. Your Phone Number d. Named Insured (Item 1. of your Policy) e. Policy Number Within four business days you will receive a copy of your Chubb Access Code. 2. Go to www.eriskhub.com/chubb.php. 3. Complete the registration form (this will require your Chubb Access Code from Step 1 above). 4. Once registered, access the portal by going to https://acecyberrisk.com and completing the User Login. PF-25176a(06/10) Page 1 of 1 2018 CAPP Network Liability Policy CAPP Page 36 of 39 Access to the Data Breach Team Notice to Policyholders This Policyholder Notice shall be construed as part of your policy but no coverage is provided by this Policyholder Notice nor can it be construed to replace any provisions of your policy. You should read your policy and review your Declarations page for complete information on the coverages you are provided. This Notice provides information concerning access to the Data Breach Team Panel List, a list of approved service providers to provide legal, computer forensic, notification, call center, public relations, crisis communications, fraud consultation, credit monitoring, and identity restoration advice and services. The list of approved service providers is available at the eRisk Hub°website. Please note, you must first register with the eRisk Hub° before you can access the Data Breach Team Panel List. Please refer to the Access to eRisk Hub° Notice to Policyholders for instructions on how to register to the eRisk Hub®. Once registered, you can access the portal by going to https://acecyberrisk.com and completing the User Login. In the event of a data breach event, a copy of the Data Breach Panel List can also be obtained from the Data Breach Coach, the law firm within the Data Breach Team designated for consultative and pre-litigation services provided to you. In the event of a breach, contact the Data Breach Coach as indicated on the amended Declarations of the Data Breach Endorsement. Please note the following: 1. Chubb shall not be a party to any agreement entered into between any Data Breach Team service provider and the policyholder. It is understood that Data Breach Team service providers are independent contractors, and are not agents of Chubb. The policyholder agrees that Chubb assumes no liability arising out of any services rendered by a Data Breach Team service provider. Chubb shall not be entitled to any rights or subject to any obligations or liabilities set forth in any agreement entered into between any Data Breach Team service provider and the policyholder. Any rights and obligations with respect to such agreement, including but limited to billings, fees and services rendered, are solely for the benefit of, and borne solely by such Data Breach Team service provider and the policyholder, and not Chubb. 2. Chubb has no obligation to provide any of the legal, computer forensic, notification, call center, public relations, crisis communications, fraud consultation, credit monitoring, and identity restoration advice and services provided by the Data Breach Team. 3. The policyholder is under no obligation to contract for services with Data Breach Team service providers, except as amended by the Data Breach Team Endorsement. 4. Solely with respect to policyholder's wishing to execute the terms and conditions provided by the Data Breach Team Endorsement: a. Failure to comply with any one or more of the requirements of the endorsement will preclude coverage under the endorsement, and the policy will retain its original terms and conditions as if the Data Breach Team Endorsement had not been attached to the policy. b. Chubb may, at its sole discretion as evidenced by the Chubb's prior written approval, on or before the effective date of the policy, permit the policyholder to retain alternative service providers to provide services comparable to the services offered by the Data Breach Team. c. If, during the policy, either (i) any of the Data Breach Team service providers is unable to or does not provide the services covered under Data Breach Expenses or (ii)there is a change of law or regulation that prevents service providers selected exclusively from the Data Breach Team from providing the legal, computer forensic, notification, call center, public relations, crisis communications, fraud consultation, credit monitoring, and identity restoration advice and services sought by the policyholder: Chubb may, at its sole discretion as evidenced by the Chubb's prior written approval, permit the policyholder to retain alternative service providers to provide services comparable to the services offered by the Data Breach Team. Further, the maximum rate Chubb will pay for Data Breach Expenses shall be no more than the rates outlined in the Chubb Data Breach Team Panel Guidelines for such services. PF-30265 (07/10) Page 1 of 1 2018 CAPP Network Liability Policy CAPP Page 37 of 39 CHUB Er Chubb Producer Compensation Practices & Policies Chubb believes that policyholders should have access to information about Chubb's practices and policies related to the payment of compensation to brokers and independent agents. You can obtain that information by accessing our website at http://www.aceproducercompensation.com or by calling the following toll-free telephone number: 1-866-512-2862. ALL-20887a (03/16) 2018 CAPP Network Liability Policy CAPP Page 38 of 39 U.S. Treasury Department's Office Of Foreign Assets Control ("OFAC") Advisory Notice to Policyholders This Policyholder Notice shall not be construed as part of your policy and no coverage is provided by this Policyholder Notice nor can it be construed to replace any provisions of your policy. You should read your policy and review your Declarations page for complete information on the coverages you are provided. This Notice provides information concerning possible impact on your insurance coverage due to directives issued by OFAC. Please read this Notice carefully. The Office of Foreign Assets Control (OFAC) administers and enforces sanctions policy, based on Presidential declarations of "national emergency". OFAC has identified and listed numerous: • Foreign agents; • Front organizations; • Terrorists; • Terrorist organizations; and • Narcotics traffickers; as "Specially Designated Nationals and Blocked Persons". This list can be located on the United States Treasury's web site - http//www.treas.gov/ofac. In accordance with OFAC regulations, if it is determined that you or any other insured, or any person or entity claiming the benefits of this insurance has violated U.S. sanctions law or is a Specially Designated National and Blocked Person, as identified by OFAC, this insurance will be considered a blocked or frozen contract and all provisions of this insurance are immediately subject to OFAC. When an insurance policy is considered to be such a blocked or frozen contract, no payments nor premium refunds may be made without authorization from OFAC. Other limitations on the premiums and payments also apply. PF-17914a(04/16) Reprinted, in part, with permission of Page 1 of 1 ISO Properties, Inc. 2018 CAPP Network Liability Policy CAPP Page 39 of 39 Hello