Skip to content
 

FTC Gets Tough on COPPA Enforcement

Young children are the customers of the future. Establishing a relationship with them now may enable you to build loyalty and a lifelong customer. But if you plan to utilize the Web to win their hearts, keep in mind the need to comply with a relatively new law - the Children's Online Privacy Protection Act (COPPA)

COPPA is in the spotlight now as one business recently learned the hard way that failure to comply can be expensive and damaging to reputation. In a nationally-publicized consent decree, the company agreed to pay $30,000 in civil penalties to settle a case brought against it by the Federal Trade Commission regarding violations of COPPA. This was the FTC's fourth enforcement action under the law.

Every business which operates a Web site needs to understand the circumstances under which COPPA applies and what it requires. Here's a quick overview, with links to additional information.

The Children's Online Privacy Protection Act (COPPA) became effective on April 21, 2000. The Act applies to operators of commercial Web sites and online services directed to children under 13, and to general audience sites that knowingly collect personal information from children. COPPA requires Web sites to post a complete privacy policy, and directly notify parents of their information collection practices and get verifiable parental consent before they collect children's personal information or share that information with others.

Do you have content on your site that might be deemed to be "directed to children under 13"? Or does your site knowingly collection personal information from children? The FTC considers several factors to determine if a Web site is directed to children, including:

  • subject matter,
  • visual or audio content,
  • age of model on site (if any is shown),
  • language,
  • whether advertising (if any) on the site is directed at children,
  • information regarding the age of the actual or intended audience, and
  • whether the site uses animated characters or other child-oriented features.

COPPA defines "personal information" as individually identifiable information collected online including:

  • a first and last name,
  • a home or other physical address including street name and name of a city or town,
  • an e-mail address,
  • a telephone number,
  • a Social Security number,
  • any other identifier that the FTC determines permits the physical or online contacting of a specific individual, or
  • information concerning the child or parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.

As pointed out in one of the Banker's Threads discussions, if a Web site requests the viewer to provide his or her age, the bank will have knowledge that it is collecting information from children if a responder is under the age of 13. On any form that collects personal information, you may want to consider constructing a part that asks the viewer to certify they are 13 or older by clicking the button and disclose that only those who are at least 13 are authorized to complete the form.

If you do plan to collect information from children, you will want to carefully review the procedures the FTC outlines for obtaining verifiable parental consent. Any financial institution that operates a Web site directed at children or has actual knowledge that it is collecting personal information from children must comply with the provisions of COPPA. The FTC has created a Web page "Kids Privacy" which contains information regarding COPPA. In addition FTC has prepared a guide to help website operators comply with the new requirements for protecting children's privacy online and understand the FTC's enforcement authority.

The intent of this article is not to discourage the marketing efforts of any institution that is seeking to expand its future customer base by providing financial information and education to children. If done carefully, and within the bounds of the law, Web site content for children can be a smart addition to a financial institution's Web site. You simply need to be aware of the requirements and, if they apply to your content, comply with them.

First published on BankersOnline.com 10/8/01

First published on 10/08/2001

Filed under: 
Operations
Security
Filed under security as: 
COPPA
Privacy
FTC
Social Security

Report a problem with this page

Search Topics