CG 21 06CGL

Exclusion — Access Or Disclosure Of Confidential Or Personal Information And Data-Related Liability

Excludes data-breach / cyber liability from the CGL — a gap for tech-touching trades.

What it actually does

CG 21 06 excludes coverage for injury or damage arising out of the access to or disclosure of confidential or personal information (the cyber/data-breach exclusion), and — in its broader versions — damages arising out of the loss of, or loss of use of, or corruption of electronic data.

ISO added this exclusion to make clear the CGL is not a cyber policy. For most construction trades it changes little, because their exposure isn't data-related. But for subs handling building-automation systems, access controls, security/IT integration, or large amounts of personal data, CG 21 06 is a real gap — those exposures belong on a cyber policy, not the CGL.

When reviewing COIs, treat CG 21 06 as expected boilerplate for ordinary trades, but flag it for technology-adjacent subcontractors and confirm they carry separate cyber coverage where the work warrants it.

Verification checklist

  • 01Recognize CG 21 06 as the standard cyber/data exclusion on modern CGLs.
  • 02For technology/security/controls subs, confirm separate cyber liability coverage exists.
  • 03Match the breadth of the exclusion to the sub's actual data exposure.

Common mistakes

  • ·Expecting the CGL to respond to a data breach — CG 21 06 excludes it; cyber coverage is separate.
  • ·Ignoring the exclusion for subs whose work genuinely involves data or connected systems.

Frequently asked questions

Does CG 21 06 matter for a typical sub?

Usually not — most trades have no data exposure. It matters for subs touching IT, security, building-automation, or personal data, who should carry separate cyber coverage.

Is CG 21 06 a red flag?

It's standard boilerplate on modern CGLs, not a defect. It's only a concern when the sub's work involves data or connected systems.

What covers cyber/data-breach exposure instead?

A dedicated cyber liability policy. The CGL is not designed to cover data-breach or electronic-data liability.

Checking a COI for CG 21 06?

Upload it free — we'll tell you whether CG 21 06 is actually attached, the right edition, and scheduled correctly, plus every other gap against your requirements.

Check a COI for CG 21 06 →

Related endorsements

CG 21 49
Excludes ALL pollution claims — important for environmental/abatement subs.
CG 21 47
Excludes employment claims (wrongful termination, harassment) — belongs on an EPLI policy.

This page explains CG 21 06 in plain English for COI verification. It is informational only and is not legal or insurance advice — confirm the actual endorsement language and have your counsel or insurance agent review your specific requirements.