7 Ways to be More COPPA Compliant

Brian Pontarelli


In light of the recent COPPA (Children's Online Privacy Protection Act) violations and some hefty fines being doled out by the FTC (see our resources at the end of this post for links to the violations), we put together a list of 7 ways to be more COPPA compliant.

1. Collect as Little Information as Possible

The simplest way to be more COPPA compliant is not to collect personally identifiable information (PII) from your users. If you are collecting this type of information, ask yourself why. If the answer to that question isn't vital to your business, stop collecting the information. It’s easy to fall into the trap of collecting information for no other reason than having it.

One place you might have overlooked where you could be collecting PII is blog comments. Some blog software requires users to give their name and email addresses to post a comment. If you want to allow users to comment on blogs, make sure they can do so without sharing their information.

Another place to look is online features. If you require that users register in order to provide online features like saved games, settings and preferences, ask yourself if a simple username and password are sufficient. If you don't need additional information from the user, don't collect it.

2. Ask for the Age First

If users must register for your website, game, or community, you must determine their age first. Asking "are you under 13" with a yes or no answer isn't sufficient. You must ask for the user’s age in such a manner that they are more inclined to answer truthfully.



Prevent Users from Sharing PII & Account Information

Marshall Bauernfeind

Preventing users from sharing account information is a security concern as well as a way to prevent paid accounts from being shared. When hosting a virtual environment targeted at kids, you are also required to take reasonable measures to prevent users from sharing PII (Personally Identifiable Information) in accordance with COPPA (Children’s Online Privacy Protection Act). The types of personal information include, but are not limited to, phone number, email address, and home address, none of which can be shared in chat rooms, forum posts, and the like. Implementing all of the following prevention techniques will dramatically reduce your risk from users sharing account credentials and PII.


Educate Your Users

Will your users read your terms of service and privacy policy from start to finish? What if they are children? Probably not. Periodically remind users of the importance of keeping private information private. First, display a notification each time users log in reminding them to never share their name, address, etc. Also, create quick and fun videos, short games, or other activities that show your users what not to share.
