The Children’s Online Privacy Protection Act (COPPA) was signed into law on October 21, 1998. COPPA prohibits unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personally identifiable information from and about children on the Internet. The Federal Trade Commission (FTC) issued the enclosed final rule, 16 CFR Part 312, effective April 21, 2000.
COPPA and the FTC’s implementing rule generally apply to financial institutions that operate commercial websites or provide online services (or portions thereof) directed to, or knowingly collect personal information from, children under the age of 13.
COPPA and the FTC’s rule require those financial institutions to:
- Provide parents notice of their information practices;
- Obtain prior verifiable parental consent for the collection, use, and/or disclosure of personal information from children (with certain limited exceptions for the collection of ‘‘online contact information,’’ e.g., an e-mail address);
- Provide a parent, upon request, with the means to review the personal information collected from his/her child;
- Provide a parent with the opportunity to prevent the further use of personal information that has already been collected, or the future collection of personal information from that child;
- Limit collection of personal information for a child’s online participation in a game, prize offer, or other activity to information that is reasonably necessary for the activity; and
- Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected.
COPPA gives the NCUA authority to enforce compliance with COPPA for Federal credit unions. The FTC has authority to enforce compliance with COPPA for all other credit unions.
In addition to the final rule (Enclosure 1), enclosed are three documents from the FTC that should assist you in complying with COPPA. Enclosure 2 provides an overview of how to comply with the rule1. Enclosure 3 contains a list of the most frequently asked questions about COPPA2. Enclosure 4 is a summary of what web operators must do and what parents should do to protect a child’s privacy online3.
We encourage credit union officials and staff to review the requirements of COPPA and to evaluate the credit union’s policies and procedures to ensure compliance.