Take a letter

Today’s Business Blog post is brought to you by the letters C-O-P-P-A. If your website or online service is covered by the Children’s Online Privacy Protection Act, you’re readying your business for the changes that go into effect on July 1, 2013. For the benefit of those looking for a compliance refresher, the FTC just sent out letters to more than 90 companies that may be affected by the revision to the Rule.

The letters went to businesses in the U.S. and abroad whose online services – including mobile apps – appear to collect personal information from kids under 13. If you or your clients got a letter: Relax. They’re not an official FTC evaluation of the company’s practices. But they should serve as a reminder that now’s the time for a COPPA check-up.

Under the revised Rule – which the FTC announced in December 2012 – the definition of “personal information” has been expanded to include photos, videos, and audio recordings of children. Also covered: persistent identifiers that can recognize users over time and across different websites and online services. Persistent identifiers can range from online user names to cookies or mobile device ID numbers.

If your app collects, stores or transmits this information or other personal data already covered by COPPA (for example, a child’s name or address), you first need to get parental consent. In addition, companies must see to it that any third party receiving the information can keep it secure and confidential – and can abide by new rules affecting how the information is stored and retained.

Remember: COPPA applies not only to information collected by an app itself, but also to information collected by third parties, like advertising networks within an app.

Even if your clients didn’t get a letter from the FTC, it’s helpful to see what the FTC is saying to recipients. The FTC sent one letter to U.S. companies that may be collecting images or sounds of children and another letter to U.S. companies that may be collecting persistent identifiers from kids. Similar letters about kids’ images or sounds and persistent identifiers went to foreign companies whose content is directed to children in the U.S.

Consider following the example of other savvy businesses and assign knowledgeable staff to oversee how your company is implementing the changes to COPPA. Lots of help is available, including the FTC’s just-updated Complying with COPPA: Frequently Asked Questions. Send other questions to COPPAHotLine@ftc.gov.

4 Comments

>> Leave a Comment | Commenting Policy

Yes that's totally right. I've been aware about this.

this is boring

I'VE BEEN AWARE that some kind of federal action was finally being , I am going to say brought back. I Am not part of a company,I do work online. AND THE FILTH AND TOTAL DISREGARD OF WHOSE ONLINE IS FORFEITED. IN all aspects coppa should be implemented on every computer.most predators wait till late night,then pounce!parents in bed etc.we realize its a big scary place and not just your great security comp. can cope with such an influx of garbage.i talked to the fcc befor the holidays and of course, they were cut off at the knees.i do know if you sent out letters to all persons,this will make him maybe think twice.my permission is granted! i want to catch just once a slug or just prevent him from ruining an innocent.like i wrote to you before if congress can move like you professionals, our work just might tapper off a tad. any ?

What if the parents approve of the posting of the child's picture and voice?

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.