Online Businesses and the COPPA
If you do business online, you need to pay close attention to the requirements of the Children’s Online Privacy Protection Act (COPPA or the Act). Enacted in 1998, the COPPA requires the Federal Trade Commission (FTC) to enforce rules that regulate how website operators collect, use, and distribute personal information from children online. The FTC’s COPPA Rule spells out the specifics of the Act.
It is worthwhile to familiarize yourself with the requirements of the COPPA – if you have not already done so. Here is a quick rundown of the key issues to get you started.
Does the COPPA apply to your business?
The answer is YES, if your business involves any of the following:
- Commercial websites or online services that target children under the age of 13, and collect personal information from children;
- Websites intended for a general audience, but knowingly collect personal information from children under the age of 13;
- Websites intended for a general audience, but have separate areas for children and collect personal information from children.
What does compliance with the COPPA entail?
If the COPPA applies to your business, you are required to write and implement a COPPA-compliant privacy policy. It is worthwhile to take the time to review the guide developed by the FTC to help online businesses comply. The guide covers issues relating to the location, content and style of a compliant policy. Check it out at the FTC website.
Being COPPA-compliant means your online business must meet a number of requirements including:
1. Post a privacy policy on your homepage and link to it everywhere personal information about children is collected.
2. Provide notice to parents about your online information collection practices.
3. Obtain verifiable parental consent before collecting personal information from children.
4. Give parents the choice to consent to the collection and use of their children’s personal information.
5. Provide parents with access to their children’s information, and the opportunity to delete the information and opt-out from future information collection and use.
6. Maintain the confidentiality and security of the personal information collected from children.
Why is COPPA compliance important?
The simple answer is it is the law. However, the important consideration is how non-compliance could affect your business. The penalties of non-compliance are often stiff. Having spent the time and money to develop a viable online business, it makes sense to go the extra mile to ensure that you are operating on the right side of applicable regulations.
Learning from the Expensive Mistakes of Others
In many respects, the requirements of the COPPA appear clear enough. It is therefore ironic that even some high profile companies miss the mark.
In 2008, the FTC charged the operators of a social networking site that targets children with violation of the COPPA. According to the FTC’s complaints, the online business allowed children to create accounts by submitting personal information prior to providing notice to parents or obtaining parental consent. The company agreed to a settlement, which included a civil penalty of $130,000, an order that prohibits the company from violating the COPPA Rule, and a requirement for the deletion of all personal information collected in violation of the Rule.
Also in 2008, a major online music company found out the high cost of what the FTC referred to as “falling down on its COPPA obligations”. The FTC charged that the company violated COPPA by failing to provide sufficient notice on its websites about the information it collects, how it uses the information, and its disclosure practices. In the settlement, the company agreed to pay a civil penalty of $1 million as well as commit to orders to ensure future compliance.
The Web is a great medium for business. However, it is not without its regulatory controls. The COPPA is there for a purpose, and the FTC is actively enforcing it. It is good business to ensure that your online privacy policy is COPPA-compliant both in intent and in practice.
Rachel Agheyisi is an economist with over 25 years of business research, writing, and corporate consulting experience. She is the Executive Director of Report Content Writer, a company that specializes in writing white papers and case studies used by IT companies for generating leads in the biotech, financial services, and health care industries.
http://www.reportcontentwriter.com
Email me at rachel@reportcontentwriter.com on how I help you develop content-rich white papers and case studies.
Article Source: http://EzineArticles.com/?expert=Rachel_Agheyisi
Additional Articles From "Regulatory Compliance"
- 7 Tips to Make Your Company’s Information Security Plan More Manageable
- Key Elements of Successful Financial Information Security Program
- Enforcing Food Safety – The Government’s Responsibility
- PAT Testing – Regularity of Testing
- The Impact of the New Massachusetts Data Security Regulations
- Penalty Charge Notice – How to Deal With It
- Changes in COBRA – PART 2 – What Employers Need to DO
- FTC VS Apple & Google – Investigation is Questionable
- TILA Mortgage Rescission – Complete Defense to Foreclosure
- Understanding US Food and Drug Administration Recalls