COPPA Compliance Checklist

The evolution of technology has made it so that it's virtually impossible to live without modern conveniences. This development has seen its way into our classrooms, allowing schools to integrate information technology to providing education to students. Notably, it has helped improve the standards of education and made it easier to provide a good education, but at the same time, it raises new questions about online privacy for children.

For this reason, the Federal Trade Commission has come up with a set of guidelines to improve on the Children's Online Privacy Protection Act (1998) to help new and upcoming education establishments comply with it. While its main premise is to ensure websites and online services that collect information from children under the age of 13 strictly protect that data and guarantee their privacy, it has now become a baseline for children's online privacy for all online vendors.

COPPA Compliance Checklist

COPPA compliance checklist mandates that any website or online service that targets children under the age of 13 exclusively, targets the general public but has knowledge of the fact that they are collecting personal information of users under age 13, organizations with plugins or ad networks that collect information from users under the age of 13 must guarantee protection of this information. Failure to do so will result in hefty fines and civil suits.

To that end, it is important to know and understand what to do in order to comply with COPPA Compliance checklist.


Here are COPPA Compliance Checklist to check

  1. Determine if your business or site is covered by COPPA

    COPPA requires that any business or site that deals with users under the age of 13, and collects and uses their data, establish intensive privacy protection measures for the data. It further explains what sites or online services are targeted in order for relevant businesses to comply. These include:

    1. Game apps for users under 13 years of age.
    2. Social network apps that use user data to advertise for users under the age of 13.
    3. Gaming platforms that use the internet
    4. Plugins
    5. Advertising networks
    6. Internet-connected toys.
    7. VoIP services.
    8. Websites entirely targeting users under 13 years of age.
    9. Sites collecting information for children under 13 years.
    10. Sites allowing users under 13 years and letting third parties collect data.
    11. General websites with knowledge of collecting personal information from children under 13 years.
    12. Organizations with plugins or ad network that collects user personal information from websites that target users under age 13.

  2. Identify type of data being captured, and why it's being captured

    Once you’ve established that you're covered by COPPA Compliance checklist, you have to know what type of data you're collecting from users under the age of 13 and why. Personally identifiable information such as full name, home address, telephone number, social security number, age, gender is all supposed to be protected from falling on the wrong hands. You, therefore, have to ensure that this information is completely safeguarded with the help of cybersecurity experts and software programs.

  3. Where that data is being housed

    Protecting the data is not enough. You have to know where the data is being housed and whether it can be retrieved if the owner or the parents want it. While COPPA Compliance checklist prevents parents from altering the data, it allows them to delete it if they need to. Knowing where the data is housed also allows you to remain compliant with COPPA.

Know the Basics of What Needs to Be Protected

Personally identifiable information from children under the age of 13 must be safeguarded for privacy. This includes full name, home address, telephone number, social security number, age, gender and a plethora of other data. In fact, any information that the parent hasn’t given consent to be collected, shared or housed must be treated the same way as the personally identifiable information. The essence of COPPA Compliance checklist is to give the parents complete control of what data sites and organizations collect for children under 13 years old to help protect them from cyber insecurity and crime.

Have a response plan in place

It is essential to avoid knee-jerk responses and have a detailed response plan should any breach occur in your COPPA compliance. In fact, it is important to do simulations of attacks just like fire drills to see what would transpire should an attack happen. In the event that there has been a breach, avoid being defensive, be honest, and clear as to what the problem is. Accept responsibility and start the damage control process. First, contact your head of the school/organization as well as the legal department and explain the situation. Above all, make sure you have set up stringent cybersecurity measures like ensuring you have a good security platform such as the NuEduSec cloud-based platform that provides online safety for students at school, in the classroom and even at home while also providing a trouble-free Internet experience in your school network.