Are You in Compliance with COPPA? Part 2

In an earlier blog, we discussed the requirements for what is known as the Children’s Online Privacy Protection Act (COPPA). [will provide hyperlink to the blog] In April 2013, the FTC issued several updates aimed at addressing the revised rule implementing the act, which will go into effect on July 1, 2013. These updates are aimed at assisting compliance with the four new categories of information added to the rule’s definition of “Personal Information”. These include:

  • Geolocational Information: The rule now provides that all geolocational information must have parental consent, whether obtained before or after the implementation date.
  • Photos or videos or audio files containing images or audio of children: If collected prior to the date of the amended rule, consent is not required, but it is strongly suggested by the FTC.
  • Screen or User Names: If collected prior to the date of implementation, consent is not required unless the user associates new identifying information with the user name after the date of implementation.
  • Persistent Identifiers: If collected prior to the date of implementation, consent is not required unless the site obtains new information after the date of implementation that allows tracking of a user over time or across websites. There is a technical exception for information collected solely for internal operations of a website.

These additions alone make it worthwhile to learn how COPPA applies to any website your organization operates now or plans to operate in the future.

Are You In Compliance with COPPA? Part 1

The Internet can be a great resource for education and entertainment for children, but it can also expose them to exploitation based upon the nature of the personal identifying information (PII) they might provide while participating in discussion groups, chats, surveys, contests, and online gaming. Because data collection features are often designed to be entertaining, younger children in particular might not be aware of just how much of their personal information they share over the Internet. With that in mind, Congress in 1998 enacted the Children’s Online Privacy Protection Act (COPPA).

COPPA made it necessary for the Federal Trade Commission (FTC) to make and enforce regulations regarding children’s online privacy. If you own and/or operate a website and/or online service for commercial purposes that are either directed toward children under 13, or have actual knowledge that children under 13 are providing information online, COPPA applies to you.

Operators to whom the rule applies are required to:

1. Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;

2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;

3. Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);

4. Provide parents access to their child’s personal information to review and/or have the information deleted;

5. Give parents the opportunity to prevent further use or online collection of a child’s personal information;

6. Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and

7. Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.

The rule also prohibits operators from conditioning a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity.

The FTC’s original COPPA Rule became effective on April 21, 2000. However, an amended Rule was issued December 19, 2012.

Business Opportunity Too Good To Be True? It Probably Is.

In uncertain economic times, people are especially motivated to build financial security to protect their livelihood. They may look for ways other than the traditional brick-and-mortar job to fulfill their financial goals. Various commitments may leave them with little flexibility in their schedules, and so such people may search out unconventional money-making opportunities. While there is nothing wrong with thinking outside the box, one must be careful to avoid con artist who have likewise innovated their scams.

For example, in the case Federal Trade Commission, Plaintiff, v. Shopper Systems, LLC; Revenue Works, LLC, also doing business as Surplus Supplier; EMZ Ventures, LLC; The Veracity Group, LP; Brett Brosseau; Michael Moysich; Keith R. Powell, Defendants (United States District Court for the Southern District of Florida), the FTC alleged this unscrupulous Company lured retailers into paying for a non-existent mystery shopping service program, amongst other illegal misdeeds affecting individual consumers.

The Federal Trade Commission’s crackdown on such corrupt business practices, tagged ‘Operation Lost Opportunity’, has brought legal action against many who promise consumers work-at-home opportunities, investment and business ownership opportunities, fleecing them of millions.

If you are presented with an opportunity, whether through someone you know well or not:
• Do research on the internet;
• Call your local Better Business Bureau so that you can find out if the company has any negative reports filed against it;
• Call your State Attorney General’s office. Provide them with all the information you have on the company. They can provide information on the business legitimacy if the other self-research methods exonerate the company from suspicion.

If you have already pursued a business opportunity that turned out to be a scam, you have options:
• Report the offending company to the FTC;
• Freeze all bank and credit card accounts revealed to the company when you signed up.
• Call an attorney with expertise in these matters. You will need someone who has the ability to mitigate any further loss, attempt to make you whole again, and see that the offending company can no longer or be crippled in its attempt to do this to someone else.Having the right resources at your disposal can reduce your chances of becoming a victim of a business scam. Remember that if it is too good to be true, it probably is.