Monday, March 1, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

A Wake-Up Call on Privacy Policies

by Alexander Koskey
August 14, 2017
in Data Privacy, Featured
father with young girl on a computer in a cafe

FTC Issues New Guidance on COPPA

The Federal Trade Commission (FTC) has updated its compliance plan for the Children’s Online Privacy Protection Act (COPPA), which establishes the guidelines under which personal information may be collected and used from children under the age of 13. However, the latest guidance from the FTC should serve as a reminder for all businesses to perform an examination of their online privacy policies to ensure compliance with all regulations and thus avoid unnecessary exposure.

The Federal Trade Commission (FTC) has updated its compliance plan for the Children’s Online Privacy Protection Act (COPPA). Introduced in 1998, COPPA establishes the guidelines under which personal information on children under the age of 13 may be collected and used. The primary goal of COPPA is to allow parents to control the amount of information collected from children. Even if your business is not subject to COPPA compliance, the new FTC guidance highlights the vast amount of potential exposure businesses face with privacy policies in an expanding marketplace.

COPPA applies to operators of “websites and online services” that “collect, use or disclose personal information” from children under the age of 13. The definition of what constitutes “websites and online services” is expansive. COPPA further requires that operators provide direct notice to parents regarding what information is collected from children, whether the operator intends to make the information publicly available and the disclosure practices for such information.

The FTC’s updated guidance focused upon two areas of COPPA in an effort to reflect changes in technology. First, the definition of “websites or online services” was expanded to include connected toys and “other internet of things” devices. This now includes toys and devices that collect personal information such as voice recordings or geolocation data. The update comes just weeks after Senator Mark R. Warner sent a letter to the FTC urging for increased protections under COPPA following two instances of children’s data being hacked from internet-connected smart toys, including voice recordings sent between parents and children.

Next, the FTC introduced two new methods for obtaining parental consent prior to collecting personal information from children. The updated compliance plan provides that parental consent may be obtained by either (a) asking parents a series of knowledge-based authentication questions or (b) requesting a copy of a parent’s driver’s license and matching that photo to a second photo provided by the parent using facial recognition technology. These new methods are in addition to the already acceptable methods of obtaining parental consent, including consent forms, calling a toll-free number staffed by trained personnel or by video conference. There are exceptions to the general rule requiring parental consent before collecting personal information from children, but notice requirements may still exist despite the exception.

The recent updates highlight the broad scope of COPPA and the increasing difficulty of maintaining pace with evolving technology in the marketplace. As the FTC tries to keep pace by expanding COPPA into new areas, it offers little guidance in helping businesses implement the requirements of COPPA into these new areas. Moreover, the guidance misses the mark on confirming that other methods of obtaining parental consent are acceptable – such as when a parent makes a direct purchase of an internet-connected toy. As the marketplace continues to advance, additional guidance is likely to be necessary.

The FTC’s latest guidance will also have an impact upon the privacy policies of banks and other companies within the financial services industry that may use information collected on websites and apps for use in its business operations. COPPA compliance is required by all companies who have actual knowledge that information is collected from children under 13 or if the company runs an ad network or plug-in which collects information from websites or services directed to children under 13. Therefore, the potential for exposure can be expansive. Agencies in addition to the FTC have also increased enforcement actions against businesses for inadequate data security practices and procedures which fail to protect collected personal information. Businesses’ use of this information could create exposure under the Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP), the Telephone Consumer Protection Act (TCPA) or the Gramm-Leach-Bliley Act (GLBA), among other regulations. Many businesses are unaware of this potential exposure.

As regulations continue to be fluid due to expanding technology and an advancing marketplace, additional guidance will be necessary. However, the latest guidance from the FTC should serve as a reminder for all businesses to perform an examination of their online privacy policies to ensure compliance with all regulations.


Tags: FTCinternet of things (IoT)
Previous Post

Two Superior Results: Declinations in Linde Gas and CDM Smith

Next Post

OIG Enforcement on the Rise

Alexander Koskey

Alexander Koskey is an attorney in Baker Donelson’s Financial Services practice in Atlanta. He represents individuals, businesses and financial institutions on a wide range of regulatory and compliance issues, real estate and commercial matters. He can be reached at akoskey@bakerdonelson.com.

Related Posts

woman looking at horizon from mountain top

What’s on the Horizon for Anti-Corruption Enforcement?

February 25, 2021
cannabis leaf on $100 bill

The Intersection of EDD and Banking Cannabis

February 24, 2021
gold cup award on red background with stars

Ethisphere Announces the 2021 World’s Most Ethical Companies

February 23, 2021
illustration of hand holding flashlight illuminating hidden stairs

The Corporate Transparency Act: Pulling Back the Veil

February 23, 2021
Next Post
prescription pad surrounded by pills

OIG Enforcement on the Rise

Access realtime data
Addressing systemic racism in the workplace SAI Global
Dynamic Risk Assessments with Workiva
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights