What is the California Consumer Privacy Act?
California Consumer Privacy Act (CCPA) is an act that was passed by the California legislature in 2018. It took effect on January 1, 2020. It provides individuals with privacy rights that are similar to existing rights under the Gramm-Leach-Bliley Act (GLBA). However, the rights under CCPA apply to all California residents, unlike GLBA rights, which apply to customers (and in some cases consumers) of financial institutions.
What is the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act (or GLBA) is a federal act that created various federal privacy and security requirements for financial institutions in 1999. For example, you have the right to opt out of affiliate sharing as a result of this act. GLBA also allows for State Insurance Commissioners to pass similar regulations. Therefore, where the products and services you purchase from us are regulated at the state level, you may have similar privacy rights under state law.
What is the relationship between California Consumer Privacy Act and Gramm-Leach-Bliley Act?
The CCPA includes an exception for personal information that is collected, processed, or disclosed pursuant to GLBA. This is because, as a consumer of our GLBA products or services, you already have many of the rights under the CCPA. Therefore, when Nationwide collects, processes, or discloses your personal information pursuant to our financial products and services, we provide you with your rights under GLBA, because CCPA would not apply. Where GLBA does not apply, we provide you with your rights under CCPA. Substantively, your rights under GLBA and CCPA are similar and you have the opportunity to exercise them whenever you wish.
What are my rights under the California Consumer Privacy Act?
You have the rights of access, deletion, notice, opt out, and non-discrimination.
Where can I exercise my rights under the California Consumer Privacy Act?
You have the right to access your personal information. You may use this personal information access request form to request access to your personal information or call 1-844-541-4300. You have the right to request that we delete the personal information we have collected from you. You may use this personal information deletion request form to request the deletion of your personal information or call 1-844-541-4300. You must provide us with your personal information so that we may locate your information in our systems and distinguish it from the information of others—for example individuals who may have similar names or addresses to you. After you provide us with your personal information, you must also notarize then send back a document that is based on the information you have provided us. If we do not receive this document with the notary seal and signatures in 30 days, we will cancel your request and you may need to create another request.
How do I opt out of Nationwide selling my personal information?
You need not opt out of the selling of your personal information because Nationwide does not sell your personal information.
Who can I contact regarding other questions for California Consumer Privacy Act and Nationwide?
You may read more about the CCPA by visiting the California Attorney General's website. You may also contact Nationwide with any remaining privacy questions at firstname.lastname@example.org.
Why must I obtain a notarized document?
Nationwide must comply with the requirements of CCPA and the regulations promulgated by the California Attorney General regarding verifiable consumer requests while allowing you to exercise your rights under the law. In order to preserve the privacy and the security of the information you are trying to access or delete, we require proof that you are who you say you are. We have determined that obtaining a notarized form that includes your name provides us reasonable assurances that you are who you say you are.
When I access my information, why is my personal information displayed in the manner it is displayed in?
In allowing you to access your information, we request information from various business units that may store your personal information. Some of this information may include some variation as a result of the manner in which it was provided to us or during the time it was provided to us For example, one product may have your work phone number and work address, another product may have your home phone number and home address or a product may have an old address associated to you. In order to provide you with a comprehensive report, we provide you with the information from your various business units as we obtain it and we do not run additional filters on this information.
How do I correct my information?
You may correct your information by calling us at 1-877-669-6877. However, depending on the product that your request relates to, you may need to contact your agent or broker dealer to correct it.
Does Nationwide charge a fee to respond to requests under CCPA?
Generally, no. However, we may charge a reasonable fee for or refuse to act on requests that are manifestly unfounded or excessive, including repetitive requests. If we refuse to act on a request, we will notify you of the reason.
How long will it take to access my personal information?
It may take up to 90 days to provide you with the information. However, if you have not provided us with the notarized document, we may be unable to verify that you are in fact the person who has made the request.
Why didn’t I get any information?
It may be that we were unable to find you in our systems with the information you provided to us. If you make a subsequent request and provide additional information about yourself, we may be able to find out more information about you in our systems. It is also possible that any information you may have provided us has since been deleted as a part of our records retention policies.
Why did I get so little information?
If the information you provided was not adequate to match you across all of our databases, then we provided you with the information that was available in our databases.
What happens when I request that you delete my data?
We delete your data subject to our legal obligations and related records retention policies.
Please note that, under the CCPA, we are not required to comply with your request to delete your personal information if it is necessary for Nationwide to maintain your personal information in order to:
(1) Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between Nationwide and you;
(2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
(3) Debug to identify and repair errors that impair existing intended functionality;
(4) Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
(5) Comply with the California Electronic Communications Privacy Act;
(6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
(7) Enable solely internal uses that are reasonably aligned with a consumer’s expectations based on their relationship with Nationwide;
(8) Comply with a legal obligation; or
(9) Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
For what purposes do you use the information provided in my request?
We use the information you provide us during the access or deletion requests to process your request.
How long do you retain my information about my request?
How long do you retain my information?
We retain your information in accordance with our legal obligations and records retention policies. For example, we may have a legal obligation to retain information relating to your agreements with us or claims relating to your products or services. We delete your data once the legal obligation expires or after the period of time specified in our records retention policies.
How long do I have access to my request?
For your security, your request will be available for you to access for one week after which it will be deleted. If you would like to access your personal information again, please make another request.
Why was my request denied?
We may have rejected your request for several reasons. Because it is important for us to verify your identity for security purposes, we need to ensure that you are who you claim to be. If signatures or seals in your verifiable request were missing or invalid, we may reject your request. If your notarized form had items removed or not matching to your request, we may reject your request. If you already have an open request, we may reject your request. If you did not confirm your email, we may reject your request. We may have rejected your request because we were unable to determine that you are a California resident.
How many requests may I make in one year?
You may make two requests to access your personal information in a 12-month period under the CCPA. You may make more than two requests; however, we are not required under the CCPA to respond to them.