COPPA became effective in April of 2000, and it applies to commercial websites that collects personal information from children under 13 years old, whether or not the collection is mandatory or voluntary. Personal information is defined by the act as any information that is individually identifiable, or would allow someone to identify or contact the child. If your website does this, then you must take certain measures in order to comply with this law.

Personal information includes:

  • First and last name
  • Address including street name
  • Online contact information
  • Username that functions as online contact information
  • Telephone number
  • Social Security Number
  • Persistent identifier that can be used to recognize a user over time and different website services
  • A photo, video, or audio file, containing a child’s image or voice
  • Geolocation information sufficient to identify street and city name
  • Other information about the child or parent collected from the child when combined with one of the above identifiers

If you collect personal information such as those described above, you must follow these steps to comply with COPPA:

1. You must post a clearly written and understandable online privacy policy that is comprehensive and describes your practices for collecting personal information from children. There are certain elements that need to be included.

a. You must name the individuals collecting or maintaining personal information, as well as provide their contact information.

b. You must describe the personal information that is collected, how it is collected, how it is used, and whether you disclose the information to third parties, as well as the categories of businesses of the third parties and how they use the information if you do disclose to third parties.

c. You must describe the parents’ rights with regard to the personal information. You must tell parents that you will not require a child to disclose more information than is reasonably necessary to participate in an activity, that they can review their child’s personal information, request its deletion, refuse to allow any further collection or use of the child’s information, agree to the collection and use of the child’s information with the option to disallow any further collection or use of the child’s information, and lastly, the procedures to exercise these rights.

2. You must also give direct notice to parents and obtain verifiable parental consent prior to collecting personal information online from children, with some limited exceptions. Parents must also be given the option to consent to the collection of a child’s information by the website but disallow the disclosure of such information to third parties, unless this information is considered integral to the website, which must be made clear to the parents.

3. You must also maintain the confidentiality, security, and integrity of information collected by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security.

4. You can only collect and keep such information for as long as is necessary to fulfill the purpose it was collected for, and you must take reasonable measures to protect and securely delete the information afterward.

If you have any questions about whether or not your website falls under COPPA or how to comply with COPPA, do not hesitate to reach out to the Law Office of E.C. Lewis, PC, the home of your Denver Business Lawyer, Elizabeth Lewis at 720-258-6647 or email her at Elizabeth.Lewis@eclewis.com.