No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

A Wake-Up Call on Privacy Policies

by Alexander Koskey
August 14, 2017
in Data Privacy, Featured
father with young girl on a computer in a cafe

FTC Issues New Guidance on COPPA

The Federal Trade Commission (FTC) has updated its compliance plan for the Children’s Online Privacy Protection Act (COPPA), which establishes the guidelines under which personal information may be collected and used from children under the age of 13. However, the latest guidance from the FTC should serve as a reminder for all businesses to perform an examination of their online privacy policies to ensure compliance with all regulations and thus avoid unnecessary exposure.

The Federal Trade Commission (FTC) has updated its compliance plan for the Children’s Online Privacy Protection Act (COPPA). Introduced in 1998, COPPA establishes the guidelines under which personal information on children under the age of 13 may be collected and used. The primary goal of COPPA is to allow parents to control the amount of information collected from children. Even if your business is not subject to COPPA compliance, the new FTC guidance highlights the vast amount of potential exposure businesses face with privacy policies in an expanding marketplace.

COPPA applies to operators of “websites and online services” that “collect, use or disclose personal information” from children under the age of 13. The definition of what constitutes “websites and online services” is expansive. COPPA further requires that operators provide direct notice to parents regarding what information is collected from children, whether the operator intends to make the information publicly available and the disclosure practices for such information.

The FTC’s updated guidance focused upon two areas of COPPA in an effort to reflect changes in technology. First, the definition of “websites or online services” was expanded to include connected toys and “other internet of things” devices. This now includes toys and devices that collect personal information such as voice recordings or geolocation data. The update comes just weeks after Senator Mark R. Warner sent a letter to the FTC urging for increased protections under COPPA following two instances of children’s data being hacked from internet-connected smart toys, including voice recordings sent between parents and children.

Next, the FTC introduced two new methods for obtaining parental consent prior to collecting personal information from children. The updated compliance plan provides that parental consent may be obtained by either (a) asking parents a series of knowledge-based authentication questions or (b) requesting a copy of a parent’s driver’s license and matching that photo to a second photo provided by the parent using facial recognition technology. These new methods are in addition to the already acceptable methods of obtaining parental consent, including consent forms, calling a toll-free number staffed by trained personnel or by video conference. There are exceptions to the general rule requiring parental consent before collecting personal information from children, but notice requirements may still exist despite the exception.

The recent updates highlight the broad scope of COPPA and the increasing difficulty of maintaining pace with evolving technology in the marketplace. As the FTC tries to keep pace by expanding COPPA into new areas, it offers little guidance in helping businesses implement the requirements of COPPA into these new areas. Moreover, the guidance misses the mark on confirming that other methods of obtaining parental consent are acceptable – such as when a parent makes a direct purchase of an internet-connected toy. As the marketplace continues to advance, additional guidance is likely to be necessary.

The FTC’s latest guidance will also have an impact upon the privacy policies of banks and other companies within the financial services industry that may use information collected on websites and apps for use in its business operations. COPPA compliance is required by all companies who have actual knowledge that information is collected from children under 13 or if the company runs an ad network or plug-in which collects information from websites or services directed to children under 13. Therefore, the potential for exposure can be expansive. Agencies in addition to the FTC have also increased enforcement actions against businesses for inadequate data security practices and procedures which fail to protect collected personal information. Businesses’ use of this information could create exposure under the Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP), the Telephone Consumer Protection Act (TCPA) or the Gramm-Leach-Bliley Act (GLBA), among other regulations. Many businesses are unaware of this potential exposure.

As regulations continue to be fluid due to expanding technology and an advancing marketplace, additional guidance will be necessary. However, the latest guidance from the FTC should serve as a reminder for all businesses to perform an examination of their online privacy policies to ensure compliance with all regulations.


Tags: Federal Trade Commission (FTC)Internet of Things (IoT)
Previous Post

Two Superior Results: Declinations in Linde Gas and CDM Smith

Next Post

OIG Enforcement on the Rise

Alexander Koskey

Alexander Koskey

Alexander Koskey is an attorney in Baker Donelson’s Financial Services practice in Atlanta. He represents individuals, businesses and financial institutions on a wide range of regulatory and compliance issues, real estate and commercial matters. He can be reached at akoskey@bakerdonelson.com.

Related Posts

test image for new AR

When It Comes to Climate Disclosures, SEC and FTC Speak Different Languages

by Tony Subketkaew
May 11, 2022

Expanded climate reporting will likely tempt marketing teams to try to capitalize on favorable climate performance as disclosed in reporting....

A roll of cash sinks in water.

DAMITT 2021 Report: Merger Investigations Sink More Deals

by Mike Cowie, James Fishkin, Laurence Bary and Clemens Graf York von Wartenburg
February 23, 2022

If your company's proposed merger is subject to an investigation by U.S. or EU authorities, the likelihood the deal will...

popcorn kernels begin to pop

The New Era of Antitrust Enforcement

by Michael Volkov
February 10, 2022

Risk managers and CCOs take note: DOJ and FTC have signaled a new era of antitrust enforcement. Leadership at both...

hands typing on laptop, smartphones on the table, work anywhere concept

Oomnitza Delivers IT Management Essential to Business Continuity

by Corporate Compliance Insights
March 9, 2021

Provides critical solutions for the work-from-anywhere environment to address massive shifts in operational models, changed IT ecosystems and technology sprawl...

Next Post
prescription pad surrounded by pills

OIG Enforcement on the Rise

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT