CG 21 06: Exclusion – Access Or Disclosure Of Confidential Or Personal Information And Data-related Liability – With Bodily Injury Exception
Current Edition: 12 19 · Full ID: CG 21 06 12 19
Have a CG 21 06?
Upload it for instant AI analysis — form identification, coverage impact, gap detection, and E&O risk scoring.
What Is CG 21 06?
This endorsement removes coverage for claims related to data breaches, unauthorized access to personal information, and cyber-related liability from the CGL policy. However, it preserves coverage when such events result in bodily injury. An insured whose data breach causes someone physical harm would still have CGL coverage for the bodily injury portion.
Technical Summary: Excludes damages arising out of any access to or disclosure of any person's or organization's confidential or personal information, including but not limited to patents, trade secrets, processing methods, customer lists, financial information, credit/debit card numbers, health information, or any similar data. Also excludes loss of use of electronic data. The critical carve-back: bodily injury arising out of such access or disclosure remains covered. Less restrictive than CG 21 07, which eliminates even the BI exception.
What CG 21 06 Covers
- +Bodily injury that results from access to or disclosure of confidential/personal information (exception preserved)
What CG 21 06 Does NOT Cover
- -Property damage arising from data breach or unauthorized access to personal information
- -Personal and advertising injury related to data/privacy violations
- -Loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data
- -Damages for notification costs, credit monitoring, forensic investigation, regulatory fines related to data breaches
- -Claims arising from unauthorized collection of personal data
Key Provisions
- ●Bodily injury exception is the key distinguishing feature versus CG 21 07
- ●Exclusion applies regardless of whether the access or disclosure was intentional, negligent, or accidental
- ●Electronic data is broadly defined to include all forms of digital information
- ●The exclusion targets the CGL's Coverage A (BI/PD) for property damage and Coverage B (personal/advertising injury)
Edition History
- • Broadened the scope of excluded data-related liability
- • Updated electronic data definitions to reflect modern technology
- • Clarified application to cloud-based and SaaS-related exposures
Common Mistakes & E&O Warnings
This endorsement is frequently attached to CGL policies without the insured being informed or understanding the gap it creates. Agents who fail to recommend standalone cyber liability coverage when this endorsement is present face significant E&O exposure. Data breaches are increasingly common across all industries, and the insured's expectation is that their 'general liability' covers them. The bodily injury exception makes this slightly less dangerous than CG 21 07, but the gap is still severe for most commercial accounts.
- ⚠Believing the CGL still covers data breach claims — it does not once this endorsement is attached
- ⚠Confusing CG 21 06 with CG 21 07 — this version keeps the bodily injury exception, CG 21 07 does not
- ⚠Assuming only 'tech companies' need to worry about this exclusion — any business handling customer data is affected
- ⚠Not recommending standalone cyber liability coverage when this endorsement is present
- ⚠Thinking the exclusion only applies to intentional data breaches — it applies to negligent and accidental disclosures too
Frequently Asked Questions
What is the difference between CG 21 06 and CG 21 07?
CG 21 06 preserves coverage for bodily injury arising from data breaches, while CG 21 07 excludes even bodily injury. CG 21 06 is less restrictive. For example, if a hospital's data breach leads to a patient receiving wrong medication causing physical harm, CG 21 06 would still cover the bodily injury claim, but CG 21 07 would not.
Does CG 21 06 mean I need cyber insurance?
Yes. With CG 21 06 attached, your CGL policy no longer covers data breach liability, notification costs, regulatory fines, or privacy-related claims. A standalone cyber liability policy is strongly recommended.
Is CG 21 06 standard on most CGL policies now?
Many carriers now attach either CG 21 06 or CG 21 07 as standard on CGL policies. Agents should check every renewal for these endorsements and ensure the insured has standalone cyber coverage to fill the gap.
Analyze any endorsement in 30 seconds
Upload a PDF or paste endorsement text. Our AI identifies the form, explains coverage impact, detects gaps, and scores E&O risk — instantly.
Analyze Your Endorsement