Children's Online Privacy Protection Act

With the recent adoption of iPads and the increase use of other mobile devices by staff, it was recommended that a quick reminder of the requirements of The Children’s Online Privacy Protection Act (COPPA), be shared with all Heartland AEA employees.

Put into effect in 2000, COPPA governs how data is collected and then used around children under the age of 13. The law demands that sites aimed at children require parental approval in order for minors under the age of 13 to use them. The law states that:

• Children younger than 13 cannot be required to give out more information "than is reasonably necessary" to participate in a site's activities.

• Website operators must obtain parental permission to collect personal information from children younger than 13.

• Parents have the right to know what personal information is being collected and how it will be used.

• Parents have the right to review any information collected, determine whom it can be given to, and/or have the information deleted.

• Parental permission must be verifiable which can occur in a number of ways including the following: 

• The "print and send" method, in which a parent prints a permission slip posted at the site, signs it, and returns it to the site operator by snail mail.
• A toll-free number staffed by trained personnel, which parents call to provide verbal permission.
• A parent's credit card used during a transaction. 
• A digital signature, using an encryption method provided by the Web site operator.
• An e-mail accompanied by a PIN or password obtained by one of the verification methods listed above.

On December 19, 2012, COPPA was revised to widen the list of children’s personal information that will require parental permission to collect. It will now include children’s photos, videos or voice recordings, the IP addresses of their computers and the locations of their mobile phones. The updated rule also requires social networks, advertising networks and other third parties to get parents’ permission before knowingly collecting data from children’s sites and apps.

So what should Heartland staff do to comply with this law? It is recommended that educators and parents:

• Preview the sites students will visit and the apps student will use. If a site or app requires users to register. See what kind of information it asks for and determine your comfort level. You also can see whether the site appears to be following the most basic rules, like posting its privacy policy for parents clearly and conspicuously.

• Review the privacy policy. Just because a site has a privacy policy doesn't mean it keeps personal information private. The policy can help you figure out if you're comfortable with what information the site collects and how it plans to use or share it. If the policy says there are no limits to what it collects or who gets to see it, there are no limits.

• Make sure there is a signed parental release on file before photographing, videotaping or recording individual students or groups of students.

• If you have questions about a site's practices or policies, ask. The privacy policy should include contact information for someone prepared to answer your questions.