Much of the media focus on consumer online privacy has centered on major companies and social networking giants. The Federal Trade Commission (FTC) continues to keep a close eye on how online businesses are collecting data. With the FTC about to make public new guidelines to The Children’s Online Privacy Protection Act (COPPA) in July, it’s a good time to review online customer privacy basics.

Children’s Privacy

COPPA dates back to 1998 and was designed to prevent commercial websites (including mobile phone apps) from targeting children under 13 and from collecting, using or disclosing personal data gathered from these children. Personal data could be a screen name, an IP address or information such as a phone number or photograph. COPPA is not restricted to children’s websites. It also applies to general websites or apps that might be gathering consumer data from children younger than 13, too. If your website or app fits the bill, COPPA requires you to give parents the means to provide their consent to junior’s online activities by offering a mail-in form, a toll-free number or a video conference feature. Without this consent, a business cannot collect personal information from a child. If an online purchase using a credit card is made, a notice sent to the (adult) account holder confirming the credit card sale is considered to be sufficient verification. Use of the parent’s password (if using an app store account) is not considered sufficient.

Penalties for collecting data and not complying with COPPA guidelines can reach $16,000 for each infringement involving a child under 13. Businesses are not obligated to investigate the ages of all visitors to its site, but if a business owner is notified by a parent that a visitor to the site is a child who is lying about his/her age, the business owner must comply with COPPA guidelines.

With the spotlight back on children, website developers who might be most affected will want to double-check that their site is in compliance.  The FTC has both newly published guidelines and FAQs available online.

Keep It Short and Relevant

When it comes to dealing with adult consumers, a little restraint goes a long way. You might have the capacity and capability to store a lot of customer data – and it’s tempting to store more for new products you might develop in the future. Resist the urge. Too many unrelated questions alienate customers, and the more confidential data you have, the more you must protect.

Communicate

Legalese is complex and user-unfriendly. As much as possible, state your privacy policy in simple terms, explain why you’re asking for certain data and how you plan to use it. If you can, provide opt out provisions for customers who don’t want to share more than basic data with you. Communication must be two-way. Provide an online link or email address for customers to send questions or concerns. These queries should be reviewed by a senior staffer and answered promptly. Take all questions seriously, and avoid any shoot-from-the-hip responses that might end up on Twitter.