Much of the media focus on consumer online privacy has centered on major companies and social networking giants. The Federal Trade Commission (FTC) continues to keep a close eye on how online businesses are collecting data. With the FTC about to make public new guidelines to The Children’s Online Privacy Protection Act (COPPA) in July, it’s a good time to review online customer privacy basics.
COPPA dates back to 1998 and was designed to prevent commercial websites (including mobile phone apps) from targeting children under 13 and from collecting, using or disclosing personal data gathered from these children. Personal data could be a screen name, an IP address or information such as a phone number or photograph. COPPA is not restricted to children’s websites. It also applies to general websites or apps that might be gathering consumer data from children younger than 13, too. If your website or app fits the bill, COPPA requires you to give parents the means to provide their consent to junior’s online activities by offering a mail-in form, a toll-free number or a video conference feature. Without this consent, a business cannot collect personal information from a child. If an online purchase using a credit card is made, a notice sent to the (adult) account holder confirming the credit card sale is considered to be sufficient verification. Use of the parent’s password (if using an app store account) is not considered sufficient.
Penalties for collecting data and not complying with COPPA guidelines can reach $16,000 for each infringement involving a child under 13. Businesses are not obligated to investigate the ages of all visitors to its site, but if a business owner is notified by a parent that a visitor to the site is a child who is lying about his/her age, the business owner must comply with COPPA guidelines.
With the spotlight back on children, website developers who might be most affected will want to double-check that their site is in compliance. The FTC has both newly published guidelines and FAQs available online.
Keep It Short and Relevant
When it comes to dealing with adult consumers, a little restraint goes a long way. You might have the capacity and capability to store a lot of customer data – and it’s tempting to store more for new products you might develop in the future. Resist the urge. Too many unrelated questions alienate customers, and the more confidential data you have, the more you must protect.