What is CCPA?
The California Consumer Privacy Act of 2018 (CCPA) is a new law that changes and raises the bar for the collection and processing of personal information of California residents. CCPA goes into effect on January 1, 2020.
What does CCPA require JPMorgan Chase to do?
CCPA requires JPMorgan Chase to create a way for eligible California residents to exercise their rights under the law and to fulfill those consumer privacy rights regarding their personal info. While JPMorgan Chase doesn’t engage in all activities covered by CCPA, these rights generally include:
- Right to notice: the right to be informed about collection, disclosure and sale of their personal info, including: the personal info collected; the categories of personal info disclosed or sold; the categories of sources of personal info and categories of third parties to whom that info is sold or disclosed; the purpose of collecting or selling personal info; and a description of the consumer’s rights.
- Right to access: the right to request the specific pieces of personal info JPMorgan Chase has collected about them; the categories of personal info we collected; the sources used to collect the personal info; the business or commercial purposes for collecting that information; and the categories of third parties with whom we share their personal info.
- Right to data portability: the right to obtain copies of their personal info in a readily usable format that will allow them to transmit the information from one entity to another.
- Right to opt out of sale: the right to opt out of the sale of their personal info to a third party.
- Right to delete: the right to request that their personal info be deleted.
- Right to equal service and price: the right not to be discriminated against for exercising any of these rights.
Am I covered by CCPA?
You're covered by CCPA if you are a California resident and aren't excluded based on your existing relationship with us. For example, if you’re our customer, you don't need to make a CCPA request because you already have access to your personal info through your customer relationship.
Can I still send a request if I’m not a customer?
Yes. CCPA covers non-customers who are California residents.
I’m not in California, but I do have a residence there. Can I still request what personal info you have about me?
Yes. Make sure to use your California address when completing your CCPA request.
Sending in a CCPA request
How do I send in a CCPA request?
Go to chase.com/ccparequest or jpmorgan.com/ccparequest to send in a CCPA request online, or call us at 1-800-573-7138. You can call the CCPA privacy call center toll free number 1-800-573-7138 between 7 AM – 1 AM ET.
What information is needed from me to send a CCPA request?
We need to verify your identity to protect your personal info as well as that of others. When we verify who you are, we're ensuring that the person making the request is authorized to do so. You'll need to tell us your name, address, phone number, email, date of birth and the last 4 digits of your Social Security number. For security reasons, we can only send your CCPA response to a residential street address. P.O. Boxes, APO and FPO addresses will not be accepted.
What happens after I send in a CCPA request?
Once we have your completed request, we’ll give you a reference number as confirmation that your request was received. We'll send you a response or contact you about the status of your response within 45 days.
Can I send a request on behalf of someone else (spouse, mother, father, etc.)?
You can if the person you are making the request for completes a CCPA limited power of attorney (POA) form. A link to this document is included on the website within the CCPA request process, or you can download it by choosing the link below. Please make sure that the names used on the completed POA form exactly match the names on the CCPA request you send in.
Download CCPA POA form
Can someone send a request on my behalf?
Yes, if you complete a CCPA limited power of attorney (POA) form to give them authority to make the request. Even if you already have a POA on file with JPMorgan Chase, the CCPA POA is specific to CCPA and involves rights to your personal info. Completing this document helps us ensure that we’re disclosing your personal info to someone who has your permission to receive it.
Where do I find my CCPA reference number?
We provide your reference number with the confirmation of your completed request, and it will be included with your CCPA response.
What personal info of mine will you keep as a result of my CCPA request?
We'll maintain your name, address, email and phone numbers for 13 months as evidence that we received your request and acted on it.
Receiving your CCPA response
How do I receive my CCPA Response?
You'll get your CCPA response either electronically or by U.S. mail, whichever you choose when you send in your request.
If you choose digital delivery and you don’t have an existing digital profile with JPMorgan Chase, you’ll need to create a CCPA privacy profile. This is a secure option available to users who don't bank with JPMorgan Chase, but who still want to receive their CCPA response electronically. With a CCPA privacy profile, you can easily send in future or follow-up requests and receive your responses by a secure and trusted method. Creating a CCPA privacy profile won't create an account with us.
How long does it take to receive my CCPA response?
You can expect to receive your CCPA response or an update on the status of your request within 45 days of your initial request.
I didn’t get what I expected in my CCPA response. Can I make another request?
If you received your response to a request and you don't believe that it's complete, you can send a follow-up request online at chase.com/ccparequest or jpmorgan.com/ccparequest. You should include in that follow-up request the reasons why you believe the response was incomplete. Keep in mind that we only retain consumer info for a certain period of time, so we may no longer have your information at the time you request it.
Why was my CCPA request declined?
Our response to your request should tell you why your request was declined. If you disagree with the response, you can send a follow-up request online at chase.com/ccparequest or jpmorgan.com/ccparequest and explain why you disagree. Keep in mind that we only retain consumer info for a certain period of time, so we may no longer have your info at the time you request it.
There are several reasons why your request might be declined:
- If you aren't a California resident, you aren't covered by CCPA.
- If you're an existing JPMorgan Chase customer, you already have access to your personal info. You can sign in to your online profile and get information that way. You also get annual privacy notices with details about the personal info we collect, how we share that information, and your options (if any) for limiting that sharing.
- If you're a JPMorgan Chase employee, the law won't cover the personal info we have about you as an employee until 2021.
- If we previously collected personal info about you, we may no longer maintain it at the time of your request.
I sent in a request to access my information, now I'd like to request to delete it. How do I do that?
You can send in another request and ask that your information be deleted.
My CCPA response stated that you were unable to verify my identity. What does that mean?
Before we release any personal info, we need to be sure that we’re responding to a legitimate request. This means verifying that you’re a real person and the right person to be making the request. We might not have been able to verify your identity for various reasons: The information you provided for verification didn't match what we have on file or we didn't have enough information to fully verify that you’re entitled to receive the response you requested.
Protecting your data
How does JPMorgan Chase keep my information safe?
We use reasonable physical, electronic and procedural safeguards that comply with federal standards to protect and limit access to your personal information.This includes device safeguards and secured files and buildings. Visit our Security Center for more details about how we protect your personal info.
Keep in mind that information you send to us electronically may not be secure when it's transmitted to us.We recommend that you don't use unsecure channels to communicate sensitive or confidential information (such as your full Social Security number) to us.
Where are your privacy policies?
Your privacy is important to us and we take seriously our responsibility to protect the privacy and confidentiality of your information, including personal info. To learn more about our privacy practices please visit:
What does JPMorgan Chase do with my info?
We use your personal info to for a variety of business purposes, depending on your relationship with us. For example, we may use your personal info to verify your identity and to respond to a request you've made. We also may use it to offer you our products and services. If we collect your personal info through our website or mobile services, we may use that information to perform analytics concerning your use of our online services or to provide you with tailored content and marketing messages. We may also need to use your personal info to comply with our legal requirements, industry standards or contractual obligations. You can find a full description of our online privacy policies, as well as other privacy-related documentation, at chase.com/privacy or jpmorgan.com/privacy.