COPPA: Children’s Online Privacy Protection Act

Questions and Answers

What is the purpose of the Children’s Online Privacy Protection Act (COPPA)?

• To provide guidelines for parents on children's online activities
• To regulate the use of personal information from children under 18 online
• To promote online services directed to children
• To prohibit unfair and deceptive acts in collecting personal information from children under 13 online (correct)

Who is required to provide certain notices and obtain parental consent under COPPA?

• Operators of general audience websites
• Operators of websites directed to children or collecting personal information from children online (correct)
• Parents of children under 13 years old
• Operators of social media platforms

Which agency is granted enforcement authority under COPPA?

• Federal Deposit Insurance Corporation (FDIC)
• Consumer Financial Protection Bureau (CFPB)
• Department of Justice (DOJ)
• Federal Trade Commission (FTC) (correct)

When did Federal Trade Commission regulations implementing COPPA become effective?

April 21, 2000 (A)

Under what circumstances should examiners consider conducting a compliance review using COPPA procedures?

When an institution is operating a general audience website and knowingly collecting personal information from a child online (B)

What is the main focus of examination objectives related to COPPA?

To determine the compliance management policies related to COPPA regulation (B)

What does COPPA regulate in connection with personal information?

Collection, use, or disclosure of personal information from children under 13 in an online environment (A)

What should operators of websites directed to children do according to COPPA?

Provide certain notices and obtain parental consent for collecting personal information from children online (C)

What type of websites are subject to compliance review using COPPA procedures?

Websites directed to children collecting or maintaining personal information about children (D)

What does the FDIC have authority over regarding COPPA enforcement?

Enforcing penalties for non-compliance with COPPA regulations (C)

What should be done if the institution participates in an FTC-approved, self-regulatory program?

No further examination is necessary (A)

What is the first step to determine if an institution is subject to COPPA?

Determine if the institution operates a website directed to children (C)

What should be done if the financial institution does not operate a website directed to children and does not knowingly collect personal information from a child online?

No further examination is necessary (C)

What should be considered when assessing the quality of compliance risk management as it pertains to COPPA?

Frequency of compliance monitoring (D)

What is the purpose of identifying weaknesses in compliance management policies, procedures, or controls?

To require effective corrective actions when deficiencies are identified (C)

What should be done after discussing findings with management regarding compliance with COPPA?

Obtain a commitment for corrective action, as necessary (B)

What is the role of the Board of Directors in compliance risk management as it pertains to COPPA?

Adoption of policies and procedures (B)

Why is knowledge level of management and staff considered when assessing compliance risk management?

To ensure effective implementation of COPPA regulations (D)

What determines whether further examination is necessary if an institution participates in an FTC-approved, self-regulatory program?

Participation in an FTC-approved program only (B)

What action should be taken if weaknesses in compliance management policies or controls are identified?

Require effective corrective actions when deficiencies are identified (D)

What should be considered when assessing the quality of an institution’s training program as it pertains to COPPA?

Training effectiveness (A)