Okay, you’re really gonna have to bear with me this week, (please be) gentle readers. I am one of those people who barely knows that the interwebs exist. Oh, I use them all the time but I think there’s a magic elf in my computer that obeys my commands and makes my data and stuff appear. My husband, being an IT guy, is friends with this little elf and together they make sure I stay up on the latest apps and Facebookings and whatnot, but explaining to me how it all works is like me trying to figure out Penn and Teller’s bullet catch – nigh impossible. http://www.youtube.com/watch?v=DjDcARq8ty8
Thank goodness I had Linnette Attai, founder of PlayWell, LLC, on hand to explain the new COPPA (Children’s Online Privacy Protection Act) regulations that are going to go into effect in July and how to navigate them. Since I understand my own limitations in this area, may I suggest you check out this article after I’ve thoroughly confused you with my take on the subject: http://www.mediapost.com/publications/article/198959/ftc-issues-guidance-on-childrens-privacy-rules.html?edition=59281#axzz2RZsAMgYh
Thanks, now I feel better. So the Child Online Privacy Act ensures that folks with websites, apps and stuff (see that technical term I just used there?) are transparent about their data collecting practices when it comes to kids under the age of 13. Online operations have to post their privacy policies, get parental consent before collecting data from kids and provide parents with a means to review data collected and delete it. COPPA has expanded its definitions to include a broader definition of operators and websites directed to kids. So first you have to figure out if your site is targeted to kids (Hint: If you have to ask, then it is) and figure out if you’re collecting data off your site or app (you should know that) but – here’s the catch – you also need to figure out if a third party is also sucking data off your site, because you’re ultimately responsible for what’s going on on your own site.
You can do a tech assessment; you can also partner with one of COPPA’s designated safe harbor companies to help you get compliant. The safe harbors encourage the industry to be self-reliant and police itself. If your site is named compliant by one of the safe harbors, then you’re good to go. But people, don’t take my word for it, check it out: http://business.ftc.gov/documents/Complying-with-COPPA-Frequently-Asked-Questions
And, as with everything, retrofitting stinks. So if you can, it’s best to build in privacy and data protection from the start. So what happens if you’re caught being non-COPPA compliant? (Why do I think of Barry Manilow when I type that?) You’ll get fined, sometimes up to $880K. You could have to do a yearly compliance audit for 4-20 years, and no one has that in their budgets, and people will think you’re dastardly. Maybe not the latter, but you get my drift.
Unfortunately, during the session there was no talk of elves or magicians so that’s about all my brain could successfully take away. I hope I haven’t confused you too much. And a personal shout out to Linnette for tackling this tricky and very important subject.
Main Takeaway: Do not mess with COPPA. Be compliant. If you’re not sure whether you are, find out. It’s like paying taxes: not very many people understand how it all works, but we all have to do it. Or else.
Inappropriate Takeaway: Oh, all the COPPA song parodies that popped into my head.
At the COPPA, COPPA cabana. Watch out app for Hannah Montana. Data compliance and safe harbor alliance at the COPPA – I fell in love.