How to Comply with COPPA — 7 Steps

Protecting children online should be of paramount importance to all, especially in today’s world. In response to this pressing issue, in 1998 Congress enacted the Children’s Online Privacy Protection Act (COPPA), which gives parents of children under 13 control over what information is collected from their children online. This article will detail how organizations can maintain compliance with COPPA regulations.

Since 1998, COPPA has helped protect the personal information of children under 13 years old. Enforced by the Federal Trade Commission (FTC), COPPA mandates that websites and online services that collect the personal information of children under the age of 13 must remain in compliance with COPPA’s protective practices or risk civil penalties, including large fines.

Luckily for organizations that are grappling with COPPA compliance, the FTC has released a business guidance plan for COPPA compliance. Below are summaries of these tips.

Please note that this article in no way substitutes for organizational audits aimed at COPPA compliance. Rather, it is intended to be a brief refresher for those in your organization responsible for maintaining compliance.

Website or Online Service?

First, it would be helpful to define what is construed as a website or online service with respect to COPPA. “Website” or “online service” have broad definitions under COPPA. Besides standard websites, the following are also included in this definition:

  • Mobile apps, such as online games, social networking apps or apps with ads that target users based on their behavior, that send or receive user information for users under age 13
  • Gaming platforms that are Internet-enabled
  • Advertising networks
  • Plug-ins
  • Location services that are Internet-enabled
  • VOIP services
  • IoT devices, including Internet-connected toys

Determine if Your Website or Online Service is Covered by COPPA

The first point of compliance to look at is whether your website or online service is covered by (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Beth Osborne. Read the original post at: