A Beginners Guide to Complying with COPPA

As technology is advancing, children have the ability to access most websites, apps, and other technology with the click of a button. This access has given companies the ability to market directly towards children. Companies such as Youtube, TikTok, and Apple have been successful at appealing to children and adults of all ages. But with great success comes great responsibility and restrictions. Specifically, when it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission (FTC) enforces COPPA, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. The following list should serve as a guide for businesses that must comply with the COPPA.

STEP 1: DETERMINE IF COPPA APPLIES TO YOUR BUSINESS

Does your website or online service collect personal information from kids under 13? If so, it is likely that COPPA applies to you. To be more specific, you must comply with COPPA if you meet any of the following criteria:

  1. Your website or online service is directed to children under 13 and you collect personal information from them.
  2. Your website or online service is directed to children under 13 and you let others collect personal information from them.
  3. Your website or online service is directed to a general audience, but you have actual knowledge that you collect personal information from children under 13.
  4. Your company runs an ad network or plug-in, for example, and you have actual knowledge that you collect personal information from users of a website or service directed to children under 13.

The term website is defined broadly under COPPA. In addition to traditional websites, this Rule applies to:

  • mobile apps that send or receive information online (like network-connected games, social networking apps, or apps that deliver behaviorally-targeted ads)
  • internet-enabled gaming platforms
  • plug-ins
  • advertising networks
  • internet-enabled location-based services
  • voice-over-internet protocol services
  • connected toys or other Internet of Things devices

STEP 2: POST A PRIVACY POLICY THAT COMPLIES WITH COPPA

Once you have determined that COPPA applies to your business, the next step is to post a privacy policy that is clear and comprehensive. This notice must describe how personal information is being collected online from kids under 13 and how it is being used.  The notice must also describe the practices of any other services collecting personal information on your site — for example, plug-ins or ad networks.

A link to your privacy policy should be included on your homepage and anywhere you collect personal information from children.  Additionally, if you operate a site or service directed to a general audience, but have a separate section for kids, you must post a link to your privacy policy on the homepage of the kids’ part of your site or service.

STEP 3: NOTIFY PARENTS DIRECTLY ABOUT YOUR DATA COLLECTION PRACTICES

Under COPPA, you are required to give parents “direct notice” of your information practices before collecting information from their kids. The notice must tell parents:

  • that you collected their online contact information for the purpose of getting their consent;
  • that you want to collect personal information from their child;
  • that their consent is required for the collection, use, and disclosure of the information;
  • the specific personal information you want to collect and how it might be disclosed to others;
  • a link to your online privacy policy;
  • how the parent can give their consent; and
  • that if the parent doesn’t consent within a reasonable time, you’ll delete the parent’s online contact information from your records.

Additionally, if you make a material change to the practices parents previously agreed to, you have to send an updated direct notice.

STEP 4: OBTAIN PARENTS’ VERIFIABLE CONSENT

COPPA gives you the authority to choose a reasonable method to obtain parents’ verifiable parental consent before collecting, using, or disclosing personal information from children. Parents must have the option of allowing the collection and use of their child’s personal information without agreeing to disclose that information to third parties.

If you make any changes to your practice of collection, use, or disclosure of personal information from kids you must send the parent a new notice and get their consent. Parents may revoke their consent at any time.

STEP 5: PROTECT THE SECURITY OF KIDS’ PERSONAL INFORMATION

When collecting any data, it is important to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. If you minimize what information you collect from children, it will be easier to protect kids’ personal information.

CONCLUSION

The FTC looks at a variety of factors to see if a site or service is directed to children under 13 such as: the subject matter of the site or service, the use of animated characters or other child-oriented activities and incentives, the use of visual and audio content, the age of models, ads on the site or service that are directed to children, and the presence of child celebrities or celebrities who appeal to kids.

It is important to determine if COPPA applies to your business. If COPPA applies to your business, you must establish and publish a privacy policy. Next, you must notify parents directly about your data collection practices and obtain verifiable parental consent. Lastly, it is important to protect the security of kids’ personal information.

When COPPA was first drafted there was no Youtube, no Facebook, no TikTok, and no iPhone. With the advancements in technology occurring at a rapid pace, it is important to make sure you stay up to date with all of the changes regarding COPPA.

 

Sources:

https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance#step1

https://www.washingtonpost.com/

Photo Source: https://termly.io/resources/articles/coppa/

Employer’s Responsibility for Diversity in the Workplace

To show Diverse HandsAs the world becomes more diverse, employers are now responsible for providing employees with a fair and safe work environment. In today’s society, diversity can have multiple meanings.  However, workplace diversity is commonly composed of employees with varying characteristics, such as different sex, gender, race, ethnicity, and sexual orientation. It is important for employers to have the proper training and management for a diverse workplace. Without diversity in the workplace, there can be grounds for actions and behavior that rise to unlawful and unfair employment practices. Employers have the responsibility to promote and enforce diversity in the workplace. The following list should serve as a guide for employers trying to comply with diversity in the workplace.

CHECK STATE AND FEDERAL LAWS

Both state and federal governments have passed legislation to prevent unlawful and unfair employment practices.  Title VII of the Civil Rights Act of 1964 is a federal law that prohibits employers from discriminating against employees on the basis of sex, race, color, national origin and religion. Typically it applies to employers with 15 or more employees, including federal, state and local governments. Under Title VII, an employer may not discriminate with regard to any term, condition, or privilege of employment.

This law is just one of the many laws enacted to prevent unfair employment practices. Some of the other laws in place are the Equal Pay Act (1963), Age Discrimination in Employment Act (1969), Rehabilitation Act (1973),  Americans with Disabilities Act (1990), Civil Rights Act (1991), Pregnancy Discrimination Act, Genetic Information Nondiscrimination Act of 2008, and the ADA Amendments Act. Employers must also check the laws within the state their company is located. It is important to always stay up to date on the legislation that is being passed to enforce diversity in the workplace. Employers must comply with these laws, and failure to do so could lead to lawsuits, fines, or other civil and criminal causes of action for unfair and unlawful employment practices.

IMPLEMENT A STRONG EQUAL EMPLOYMENT POLICY

Employers should implement a strong equal employment opportunity policy that is enforced throughout all levels of the company. A strong equal employment opportunity policy should include a clear explanation of the prohibited conduct. Additionally, it should include clear and credible assurances that if employees make complaints or provide information related to complaints, the employer will protect employees from retaliation. The employee must have the assurance that the employer will take immediate and appropriate corrective action when it determines that discrimination has occurred. Once this policy is in place, employers should train managers, supervisors, and employees on its contents to enforce the policy. Having a strong policy in place will set the standard and expectations that employers have for their employees.

MAKE SURE TO TRAIN MANAGERS AND EMPLOYEES

The U.S. Equal Employment Opportunity Commission (EEOC) is responsible for enforcing federal laws that make it illegal to discriminate against a job applicant or an employee because of the person’s race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age (40 or older), disability or genetic information. The EEOC recommends that Human Resources managers and all employees are trained on equal employment opportunity laws.  Training and mentoring programs provide workers of all backgrounds the opportunity, skill, experience, and information necessary to perform well, and increases diversity in the workplace. During the diversity training for all employees, it is important to remind employees of the company’s policies that are in place. All employees must be held accountable for their actions, and immediate and appropriate corrective action should be taken if there are any violations of the company policy.

PROMOTE AN INCLUSIVE CULTURE

Employers have a responsibility to practice inclusivity in the workplace. A diverse staff represents a variety of life experiences and unique skill sets. All of these people need to be valued and welcomed into the company. Inclusion doesn’t happen solely because diverse individuals are present, but it requires an effort to create an inclusive workplace. Inclusivity can be achieved by interacting with different people, creating employee resource groups, placing importance on inclusion, and appropriately connecting with employees.

CONCLUSION

As the world is constantly changing, workplace diversity is something that employers should take seriously. There are many benefits of having a diverse workplace such as:

  • Higher innovation
  • Better decision making
  • Variety of different prospectives
  • Increased profits
  • Faster problem solving
  • Increased creativity

It is important for employers to check the state and federal laws to make sure they are complying with all equal employment opportunity legislation. After checking the legislation, employers must implement a strong policy that explains the standards of the company and the actions that will be taken if there is a violation of company policy. All employees and managers must be trained on the diversity policy and must be held accountable. Finally, employers must promote an inclusive environment that also allows employees to feel safe and valued. By promoting an inclusive culture in the workplace, employers will foster an environment of professionalism and respect for personal differences.

 

Sources:

https://www.eeoc.gov/eeoc/

https://www.eeoc.gov//eeoc/initiatives/e-race/bestpractices-employers.cfm

https://www.fcc.gov/general/office-workplace-diversity-functions

https://www.eeoc.gov/laws/statutes/index.cfm