Sierra Circuits CCPA Compliance

  • At Sierra Circuits, we do not currently sell any customer data for commercial purposes.

  • For registered users we collect data such as Email Address, Full Name, Company, Phone Numbers, Fax, Address, Website, IP Address, Job Title, Linked In profile.

  • We also collect Billing info and Shipping info, as needed for fulfilling any PCBs/Assemblies you purchase from us.

  • For casual visitors to website we may collect Email Address and IP Address.

If you are a California resident and are a customer / visitor at Sierra Circuits and want to opt out of any sale of your data to third party, please send email to CCPA@protoexpress.com

Email Subject Line: CCPA Opting Out of any sale of personal data

Your Email must include:

  • Your Full Name:

  • Your Email Address:

  • Your Phone Number where you can be reached:

We will need to reach you and verify your identity before we proceed to opt you out.

CCPA Basics & Clarification

The CCPA was developed based on a previous policy, the GDPR and recent data breaches. As stated in AB-375, in 1972 voters amended the California Constitution to include privacy as an inalienable right. The CCPA expands this to include digital data, stating, "Fundamental to this right of privacy is the ability of individuals to control the use, including the sale, of their personal information."

The policy itself cites previous attempts to safeguard the privacy of California citizens. However, nothing like the CCPA has been attempted before. The policy also cites the Cambridge Analytica incident, which violated the trust and privacy of Facebook users. Included in section 2 of the CCPA are the following "rights" defined as the ultimate goals of the policy:

  1. The right of Californians to know what personal information is being collected about them.

  2. The right of Californians to know whether their personal information is sold or disclosed and to whom.

  3. The right of Californians to say "NO" to the sale of personal information.

  4. The right of Californians to access their personal information.

  5. The right of Californians to equal service and price, even if they exercise their privacy rights.

While these rights are the stated goals of the policy, they do not capture the full requirements and innovation that is within the policy. There is still a need for clarification on some aspects and nuances in the policy, but that is to be expected. Let's expand on the major provisions of the legislation.

Who is Covered by the Act?

The act covers "consumers," who are defined under section 1798.140 as natural persons who reside in California. Consumers are now provided rights regarding their "personal information," which is defined as "means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." Section 1798.40 then defines what is included under personal information:

  • "Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers."

  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies."

  • Biometric information.

  • "Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement."

  • Geolocation data.

  • Professional or employment information.

  • Non-public education information.

  • Metadata, or "inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes."

This act impacts all companies who handle this type of data of any California citizens.

Who Must Comply

There has been some confusion over compliance with the popular assumption being that all businesses will have to comply. The reality in the bill could not be more different. According to section 1798.140(1) for-profit businesses who collect and control California resident's data, conduct business in the state of California, and meet one or more of the following requirements must comply:

  • Generate $25 million in gross annual revenue or more.

  • Handle data of more than 50,000 people or devices.

  • 50% or more of revenue comes from selling personal information.

Right to Know

Consumers now have a right to know what personal information a business has collected about them, how/where it was sourced from, how the data is used, if there is a disclosure or sell of the information and what other parties have access to the information. This can be fulfilled by way of a general disclosure in the privacy policy of the company or can be made available with more specific information upon request from a consumer.

Right to Opt Out

Consumers have the right to opt-out of their information being sold. For consumers under the age of 16, businesses cannot sell their data without written opt-in from the consumer or their parent.

Right to Delete

Consumers have a right to deletion; however, there are some important exceptions to this rule. Business do not have to comply with a request for deletion if there is a need to maintain the data in order to:

  • Complete a transaction between the consumer and the organization.

  • Maintain adequate cybersecurity or to prosecute attackers.

  • Repair errors for service functionality.

  • Exercise free speech.

  • Comply with chapter 3.6 of the California Electronic Communications Privacy Act.

  • Ensure the success of public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws.

  • Enable internal uses of the data in line with expectations of the user based on past relationship.

  • Comply with a legal obligation.

  • Use the data for internal purposes that align with the context of the data provided.

Right to Equal Service

If a business discriminates against consumers for exercising their rights from the CCPA, they will be in violation of the act. Section 1798.125 defines service discrimination as the following:

  • Denial of goods or services to a consumer.

  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.

  • Providing different levels of service quality to a consumer if they express their CCPA rights.

  • Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.

Businesses may also offer financial incentives for the collection, sale, or deletion of consumer data. Consumers must provide an explicit opt-in into such incentive programs.