Children’s Online Privacy Protection Act
What is iKeepSafe COPPA Safe Harbor Certification?
The iKeepSafe COPPA Safe Harbor Certification program ensures that practices surrounding collection, use, maintenance and disclosure of personal information from children under the age of 13 are consistent with principles and requirements of the Children’s Online Privacy Protection Act (COPPA). Companies that comply with the guidelines are awarded a badge, making it easy for parents and schools to identify products that are compliant with COPPA.
Cut through the noise
Data privacy certified products have superiority and differentiation among the noise of children’s online content. With the volume and variety of websites and online services being brought into the home and classroom, it is often challenging to determine which ones protect children’s information. Displaying the iKeepSafe COPPA seal helps parents and schools to easily find technology they can trust.
Meet and exceed federal regulations
iKeepSafe goes beyond delivering COPPA compliance guidance. Our certification process includes continued, customized support to help you meet current industry best practices. We are dedicated to helping technology vendors achieve and remain in compliance year-round in the constantly evolving data privacy landscape.
Receive a professional and personalized experience
As a non-profit that has been helping parents, children and schools since 2005, iKeepSafe cares deeply about our technology clients. Our assessors are Certified Information Privacy Professionals with over 20 years of experience who work personally with each client throughout every stage of the certification process.
Peace of mind for your customers and your company
With the iKeepSafe COPPA Safe Harbor Certification, you know you are compliant. There is no second guessing.
Find more information on our COPPA 101 page.
Clearly written policies explaining what data a website or online service collects from users, how such data is used and stored, and to whom it may be disclosed are mandatory. Such policies must accurately reflect actual website or online service data handling practices, and must be easy for the user to find and understand.
In the arenas of product development, media and marketing intended for children, collection of data must be limited to only what is reasonably required to deliver a promised product, feature or service to a child.
Participating companies must also have a process in place to respond to requests to provide parents or eligible students with a means to review data or categories of data that have been collected and to request that the data be amended or corrected.
Parents, not the operator, must remain in control of data collected from the child. Providing parents with notice, choice and consent over whether or not their child’s personal data is collected, and whether or not it is used or disclosed, must be maintained at all times while an operator intends to collect data from a child or is in possession of a child’s data. This includes providing parents with a reasonable means to review the specific data or categories of data that may have been collected from their child, to request that it be deleted, and to request that the operator of the website or online service not collect data from their child in the future.
Operators must maintain a baseline level of knowledge of privacy requirements and best practices. Regular assessments of policies and practices, as well as training of all employees on regulatory and company requirements in these areas must be a part of the responsibility accepted by an operator creating products intended for children.
Participating companies must maintain a baseline level of knowledge of data privacy and security requirements and best practices through annual employee training.