For Businesses For Consumers TRUSTe Blog About TRUSTe   
 
TRUSTe - Make Privacy Your Choice
Seal Programs  ::  How To Renew  ::  Resources  ::  Partner Services  ::  Events  ::  Tech Tips  ::  FAQs

Children's Online Privacy Protection Act (COPPA)

Frequently Asked Questions

What is COPPA?

Who must comply with COPPA?

What happens if I don't comply with COPPA?

Is COPPA compliance required even if the age field optional?

Does TRUSTe have guidelines that show me how to comply with COPPA?

I operate a general audience Website. What can I do if I don't want to collect and maintain children's PII?

Is the "bump-out" mechanism fool proof?

Are there examples of successful implementations of the "bump-out" mechanism"?

Are there examples of a financial services (i.e. banking, insurance, taxes, investments) Web sites that do not want to collect data from children under age 13 and are not targeted to children implementing a "bump-out" mechanism?

I have a children's area on my Website. Do I need the TRUSTe Children's Seal in addition to the regular Web Privacy Seal?

Q: What is COPPA?
A: COPPA is The Children's Online Privacy Protection Act. It was signed into law in October 1998 to protect the privacy of children by controlling the personal information that can be collected from children online. The Federal Trade Commission (FTC) enforces COPPA by requiring compliance with its Children's Online Privacy Protection Rule.

Q: Who must comply with COPPA?
A: If any of your Site(s) is directed at and collects Personally Identifiable Information from children under the age of thirteen (13), or if any section of your Site(s) is directed at and collects Personally Identifiable information from children under the age of thirteen (13), or if you knowlingly collect (or maintain) Personally Identifiable Information from children under the age of thirteen (13) on your Site(s), you must comply with COPPA.

You must comply with COPPA if:

  • You operate a website or online service that is specifically aimed at children under 13 AND the site collects or maintains Personally Identifiable Information; OR
  • You operate a general audience website that collects Personally Identifiable Information, including age or date or birth, from children under the age of 13.

Q: What happens if I don't comply with COPPA?
A: The Federal Trade Commission is authorized to assess civil penalties of $11,000.00 per violation, if it finds that a company has violated or evaded COPPA. The total amount of penalties assessed could be far in excess of $11,000.00.

Q: Is COPPA compliance required even if the age field is optional?
A:Yes.

Q: Does TRUSTe have guidelines that show me how to comply with COPPA?
A: Yes, TRUSTe provides these guidelines here [36K Microsoft Word Document].

Q: I operate a general audience Web site. What can I do if I don't want to collect and maintain children's PII?
A: If you do not wish to collect and maintain data from children under the age of 13 , you may create a "bump-out" mechanism. To implement "bump-out," a session cookie is set that directs the user to an informational page that explains why registration cannot be accepted. The presence of this session cookie prevents the user from changing his or her age on the registration form.

Q: Is the "bump-out" mechanism fool-proof?
A: No. Implementing the "bump-out" mechanism demonstrates that you are taking all necessary and reasonable steps to comply with COPPA and are not knowingly collecting and maintaining data from children.

Q: Are there examples of successful implementations of the "bump-out" mechanism?
A: Yes. A good example of implementation of a COPPA "bump-out" mechanism for a general audience Web site can be found at www.care2.com.

  • Join at http://passport.care2.net/signup.html
  • Select 1/1/1995 as your date of birth and start.
  • An informational message is presented, explaining why your registration cannot be accepted.
  • Click the back button on your browser and change your date of birth to 1/1/1984, and start.
  • An informational message is displayed, explaining why your registration cannot be accepted.

Q: Are there examples of a financial services (i.e. banking, insurance, taxes, investments) Web sites that do not want to collect data from children under age 13 and are not targeted to children implementing a "bump-out" mechanism?
A: Yes. A good example of a implementation of a COPPA "bump-ut" mechanism on a financial services site can be found at http://nwinsurance.nationwide.com/nwinsurance/.

  • On the Get-a-Quote form, choose District of Columbia as the state and choose Auto as the Quote type.
  • Choose "Start a Quick Quote" and enter 1/1/1995 as your date of birth and start. Use 20006 as your zip code.
  • An informational message is presented, explaining why your quote request cannot be accepted.

Q: I have a children's area on my Website. Do I need the TRUSTe Children's Seal in addition to the regular Web privacy seal?
A: Yes. TRUSTe requires all licensees comply with TRUSTe's Children's program requirements if they knowingly collect (or maintain) Personally Identifiable Information from children under 13. License agreements and self-assessments must also be completed for both programs. If you have applied for TRUSTe's Children's Privacy Seal, your account manager will assist you with fulfilling all of these requirements.
 
Sponsor: Microsoft Corporation
Go to your online applicationGet Certified
For Business | For Consumers | About TRUSTe | Careers | Site Map | Privacy Statement - UPDATED | TRUSTe Homepage | Terms & Conditions
© 1997 - 2008 TRUSTe. All Rights Reserved.