Children’s Online Privacy Protection Act
The iKeepSafe COPPA Safe Harbor Certification program ensures that practices surrounding collection, use, maintenance and disclosure of personal information from children are consistent with principles and requirements of the Children’s Online Privacy Protection Act (COPPA). Companies that comply with the guidelines are awarded a badge, making it easy for parents and schools to identify products that are compliant with COPPA.
Rise above the noise of children’s online content.
With the volume and variety of websites and online services being brought into the home and classroom, it is often challenging to determine which ones protect children’s information. Displaying the iKeepSafe COPPA seal helps parents and schools wade through to find the technology they can trust.
Meet and exceed federal regulations.
iKeepSafe goes beyond delivering COPPA compliance guidance. Our uniquely qualified privacy and online safety experts provide customized support to help you meet current industry best practices.
Clearly written policies explaining what data a website or online service collects from users, how such data is used and stored, and to whom it may be disclosed are mandatory. Such policies must accurately reflect actual website or online service data handling practices, and must be easy for the user to find and understand.
In the arenas of product development, media and marketing intended for children, collection of data must be limited to only what is reasonably required to deliver a promised product, feature or service to a child.
Participating companies must also have a process in place to respond to requests to provide parents or eligible students with a means to review data or categories of data that have been collected and to request that the data be amended or corrected.
Parents, not the operator, must remain in control of data collected from the child. Providing parents with notice, choice and consent over whether or not their child’s personal data is collected, and whether or not it is used or disclosed, must be maintained at all times while an operator intends to collect data from a child or is in possession of a child’s data. This includes providing parents with a reasonable means to review the specific data or categories of data that may have been collected from their child, to request that it be deleted, and to request that the operator of the website or online service not collect data from their child in the future.
Operators must maintain a baseline level of knowledge of privacy requirements and best practices. Regular assessments of policies and practices, as well as training of all employees on regulatory and company requirements in these areas must be a part of the responsibility accepted by an operator creating products intended for children.
Participating companies must maintain a baseline level of knowledge of data privacy and security requirements and best practices through annual employee training.