CCPA FAQs
General information
What is CCPA?
The California Consumer Privacy Act of 2018 (CCPA) is a new law that changes and raises the bar for the collection and processing of personal information (PI) of California consumers. CCPA goes into effect on January 1, 2020.
What does CCPA require JPMorgan Chase to do?
CCPA requires JPMorgan Chase to create a way for eligible California residents to exercise their rights under the law, and to fulfill those consumer privacy rights regarding their personal info. These rights include:
- Right to notice: Consumers have the right to be informed about collection, disclosure, and sale of their personal info, including: the personal info collected; the categories of personal info disclosed or sold; the categories of sources of personal info and categories of third parties to whom that info is sold or disclosed; the purpose of collecting or selling personal info; and a description of the consumer’s rights.
- Right to access: Users have the right to request the specific pieces of personal info JPMorgan Chase has collected about them; the categories of personal info we collected; the sources used to collect the personal info; the business or commercial purposes for collecting that info; and the categories of third parties with whom we share their personal info.
- Right to data portability: the right to obtain copies of their personal information in a readily usable format that will allow them to transmit the information from one entity to another.
- Right to delete: the right to request that JPMorgan Chase delete the personal info that we collected.
- Right to Equal Service and Price: the right not to be discriminated against for exercising any of these rights.
Please review the California Consumer Privacy Act (CCPA) Disclosure for additional details.
Am I covered by CCPA?
You're covered by CCPA if you are a California resident and aren't excluded based on your relationship with us.
I’m a representative of a business that has a relationship with JPMorgan Chase. Can I exercise rights under the CCPA?
Yes, but personal information related to your business relationship is considered exempt from the CCPA and will not be included your CCPA response.
I’m a current or former JPMorgan Chase customer. Can I exercise rights under the CCPA?
Customers include individuals with current retail relationships with us as well as those who applied for, but were denied or otherwise did not get, financial products or services offered by JPMorgan Chase. Personal info collected, processed, or disclosed in connection with our retail customer relationships is exempt from the CCPA. JPMorgan Chase is not processing requests from current or former customers. Additionally, your personal information is regulated by other state and federal laws. If you are a current customer, you can access much of the personal information we have about you by logging into your account online.
Can I still send a request if I’m not a customer?
If you are a California resident you can send us a CCPA request. The CCPA does not require you to be a JPMorgan Chase customer to make a request.
I am not in California but I do have a residence there. Can I still request what personal information you have about me?
Yes, you can send in a request if you use your California address when completing your CCPA request.
Submitting your CCPA request
How do I send in a CCPA request?
Go to chase.com/ccparequest or jpmorgan.com/ccparequest to send in a CCPA request online, or call us at 1-800-573-7138. You can call the CCPA privacy call center toll free number 1-800-573-7138 between 7 AM – 1 AM ET.
What information is needed from me to send a CCPA request?
We need to verify your identity to protect your personal information, as well as that of others. When we verify who you are, we're ensuring that the person making the request is authorized to do so. You'll need to tell us your name, address, phone number, email, date of birth and the last 4 digits of your Social Security number.
What happens after I send in a CCPA request?
Once we have your completed request, you will be given a reference number as confirmation that your request was received. We'll send you a response within 45 days.
Can I send a request on behalf of someone else (spouse, mother, father, etc.)?
You can if you complete a limited CCPA power of attorney form. A link to this document is included on the website within the CCPA request process, or you can download it by choosing the link below. Please make sure that the name you use when completing the power of attorney (POA) form exactly matches the name you use on the CCPA request that you send in.
Although you may already have a POA (Power of Attorney) form on file with JPMorgan Chase, this POA is specific to CCPA and involves rights to your personal information. This document helps us ensure your info is properly secured and protected and is required to submit an on behalf of request.
Download CCPA Power of Attorney form
I’ve misplaced my CCPA reference number. Where do I go to find it?
Your reference number will be included with your CCPA response.
What personal info of mine will you keep as a result of my CCPA request?
We'll maintain your name, address, e-mail and phone number for 13 months as evidence that we received your request and acted on it.
Receiving your CCPA response
How do I receive my CCPA Response?
You'll get your CCPA response either electronically or by U.S. mail, whichever you chose when you sent in your request.
If you choose digital delivery and you do not have an existing digital profile with JPMorgan Chase, you will need to create a CCPA Privacy Profile. The CCPA Privacy Profile is a secure option available to users who don't bank with JPMorgan Chase, but who still want to receive their CCPA response electronically. With a privacy profile, you can easily send in future or follow-up requests and receive your responses by a secure and trusted method. Creating a privacy profile won't create an account with us.
How long does it take to receive my CCPA response?
You can expect to hear from us within 45 days after you submitted your initial request. We hope it’s rare, but in some instances the first response you get from us may be a notification that your response is delayed for up to an additional 45 days.
I didn’t get what I expected in my CCPA response. Can I make another request?
If you received your response to a request and you don't believe that it's complete, you can send a follow-up request online at chase.com/ccparequest or jpmorgan.com/ccparequest. You should include in that follow-up request the reasons why you believe the response was incomplete. Keep in mind that we only retain consumer info for a certain period of time, so we may no longer have your information at the time you request it.
Why was my CCPA request declined?
Our response to your request should tell you why your request was denied. If you disagree with the response, you can send a follow-up request online at chase.com/ccparequest or jpmorgan.com/ccparequest and explain why you disagree. Keep in mind that we only retain consumer info for a certain period of time, so we may no longer have your information at the time you request it.
There are several reasons why your request could have been declined, including the following:
- If you aren't a California resident, you aren't covered by CCPA.
- If you're an existing JPMorgan Chase customer, you already have access to your personal info. You can sign in to your online profile and get information that way. You also get annual privacy notices with details about the personal info we collect.
- If we previously collected data but we no longer have your information at the time of your request
I don't understand the response to my CCPA request. How can I ask questions?
You can send in a follow-up request to clarify questions from your original request. Please review this complete list of FAQs to see if they can answer any of your questions.
I sent in a request to access my info, now I'd like to request to delete it. How do I do that?
You can send in another request and ask that your info be deleted.
I’d like to delete my personal information. Will I receive a copy of the personal information that will be deleted?
We are unable to provide the deleted data once your CCPA request for deletion has been completed. You must submit an access request to obtain a copy of personal information we have collected and maintain about you.
My CCPA response stated that you were unable to verify my identity. What does that mean?
We might not have been able to verify your identity for several reasons: The info you provided for verification didn't match what we have on file, or we didn't have enough info on you in our files to make a match.
Protecting your data
How does JPMorgan Chase keep my information safe?
We use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to your personal information. This includes device safeguards and secured files and buildings. Go to chase.com/privacy or jpmorgan.com/privacy for more details about how we protect your personal information.
Please note that information you send to us electronically may not be secure when it's transmitted to us. We recommend that you don't use unsecure channels to communicate sensitive or confidential info (such as your Social Security number) to us.
Where are your privacy policies?
Your privacy is important to us and we take our responsibility to protect the privacy and confidentiality of your information, including personal information, very seriously. We follow a clear set of guidelines each time we talk with you about your accounts or share your information with others. Our online privacy policies explain how we collect, share, use, and protect information when you go to or use our online services. Other privacy principles or policies could apply depending on how you interact with us, the financial products or services you have with us, or the jurisdiction in which we are doing business with you. To learn more about our privacy practices please go to:
chase.com/privacy
jpmorgan.com/privacy
You can also access our more general privacy-related FAQs by following this link: chase.com/ccpafaqs or jpmorgan.com/ccpafaqs.
What does JPMorgan Chase do with my personal info?
We use your personal info to verify your identity, and to respond to a request you've made. We also may use it to offer our products and services to you. If we collect your personal info through our website or mobile services, we may use that info to perform analytics concerning your use of our online services, or to provide you with tailored content and marketing messages. We may also need to use your personal info to comply with our legal requirements, industry standards, or contractual obligations. You can find a full description of our privacy policy at chase.com/privacy or jpmorgan.com/privacy.
