COPPA Compliance: Parental Access to Child's Information
Inversoft has provided a shortened version of the ‘Business and Parents and Small Entity Compliance Guide’.
1. Do I have to keep all information I have ever collected online from a child in case a parent may want to see it in the future?
No. If the child's information was deleted prior to the parent inquiry, a simple reply, "the information has been deleted and no longer exists" will suffice.
2. What if, despite my most careful efforts, I mistakenly give out a child’s personal information to someone who is not that child’s parent or guardian?
Although the Rule requires the operator to ensure the requestor of the child's information to be the parent, if reasonable steps/procedures are taken the operator will not be held liable under federal or state law.
More details on COPPA FAQs can be found here.