To protect your company and its website from such a fate, you must first determine if the COPPA Rule applies to your company’s website by asking:
- Do we direct our commercial website and online services to children under 13? If so, do we collect personal information from children under 13?
- Do we knowingly collect personal information from children under 13 on our general audience website?
- Does our general audience website have a separate children’s area? If so, do we collect personal information from children under 13 in this separate area?
If you answer “yes” to these questions, then your company likely falls under one of the categories of website operators who must comply with COPPA. If in doubt, compliance with the COPPA Rule is the safest bet.
Good records management is one COPPA requirement. The Rule requires that personal information collected from children be managed to maintain the confidentiality, security and integrity of the information. Your company will need good information management policies and practices to comply. Good records management practice also includes managing the privacy of those submitting their information. To comply, your company will need good privacy policies and procedures. To maintain good records management in the long term, your company should perform audits to confirm that the information collected from children on your website is being properly managed under these policies and procedures, including your record retention schedule.
The FTC takes privacy seriously, and so should your company.
To read more about these and the other COPPA Rule requirements, and the entire one million dollar penalty story, go to: http://www.ftc.gov/privacy/.