What We Do Services Products About Us Contact Us    
 

Educational Fundraising Whitepapers

COPPA Summary
January 2007

What: Mandatory compliance with the Children's Online Privacy Protection Act (COPPA) legislation of 2000
Who: Every organization working with Papilia that has a website targeted to an audience of children, and every organization that has actual knowledge that their website is collecting personal information from children
When: Action should be taken immediately

For more information, please visit http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

I. COPPA COMPLIANCE
“COPPA” is the abbreviation for the Children's Online Privacy Protection Act, effective April 21, 2000. If you
operate a commercial website or an online service directed to children under 13 that collects personal
information from children or if you operate a general audience website and have actual knowledge that the
site is collecting personal information from children, then your organization must comply with COPPA.

NPOs must post a link to a notice of its information practices on the homepage of its website or online service
and at each area where it collects personal information from children. An NPO with a website that contains a
separate children's area must post a link to its notice on the main page of the children's area.

COPPA Compliance Checklist:

- The link to the privacy notice must be clear and prominent on the website
- Ask for age and/or birth year during data collection process
- Ask for a parent or guardian’s email address for obtaining permission to use a child’s personal information
- It is ideal to use a larger font size or a different color type on a contrasting background to make the link
and/or the privacy notice itself stand out
- A link in small print at the bottom of the page--or a link that is indistinguishable from other links on your
site--is not considered clear and prominent
- It is also recommended that a children’s version of the notice is available and prominently displayed within
the area that the child is asked to submit personal information
- Make sure that all NPO phone staff, marketers, receptionists, etc. are knowledgeable about COPPA
compliance and can answer inquiries from parents of children whose personal information has been
collected by the NPO

II. PARENTAL CONSENT
It is best practice for websites to include the following fields during the data collection process: “Are you 13 or
under?” or “Please enter your birth year.” Before collecting, using or disclosing personal information from a child,
an NPO must obtain consent from the child's parent. This means an NPO must make reasonable efforts (taking
into consideration available technology) to ensure that the child’s parent receives notice of the NPO’s
information practices and consents to those practices before personal information is collected from the child.

It is important that the NPO’s information practices are understood and widely available throughout the
organization. COPPA ensures that parents have the right to contact the NPO at any time for details about the
personal information the NPO has collected about the child, as well as the manner in which the NPO utilizes
such information.

III. EXAMPLE
Go to http://barbie.everythinggirl.com/ and click “Privacy Policy” at the top-right corner for an excellent
example of a privacy policy for a children’s website.

To generate a children’s privacy policy, please visit http://www.the-dma.org/privacy/childrensppg.shtml.

While it is ultimately each NPO’s responsibility to comply with all laws, your Papilia Client Services Manager will
follow up with you regarding COPPA compliance. We recommend contacting your NPO’s legdirection. If you have any questions in the meantime, please do not hesitate to contact us.

top^