COPPA: Children’s Online Privacy Protection Act

Questions and Answers

What is the purpose of the Children’s Online Privacy Protection Act (COPPA)?

To provide guidelines for parents on children's online activities

To regulate the use of personal information from children under 18 online

To promote online services directed to children

To prohibit unfair and deceptive acts in collecting personal information from children under 13 online (correct)

Who is required to provide certain notices and obtain parental consent under COPPA?

Operators of general audience websites

Operators of websites directed to children or collecting personal information from children online (correct)

Parents of children under 13 years old

Operators of social media platforms

Which agency is granted enforcement authority under COPPA?

Federal Deposit Insurance Corporation (FDIC)

Consumer Financial Protection Bureau (CFPB)

Department of Justice (DOJ)

Federal Trade Commission (FTC) (correct)

When did Federal Trade Commission regulations implementing COPPA become effective?

April 21, 2000

Under what circumstances should examiners consider conducting a compliance review using COPPA procedures?

When an institution is operating a general audience website and knowingly collecting personal information from a child online

What is the main focus of examination objectives related to COPPA?

To determine the compliance management policies related to COPPA regulation

What does COPPA regulate in connection with personal information?

Collection, use, or disclosure of personal information from children under 13 in an online environment

What should operators of websites directed to children do according to COPPA?

Provide certain notices and obtain parental consent for collecting personal information from children online

What type of websites are subject to compliance review using COPPA procedures?

Websites directed to children collecting or maintaining personal information about children

What does the FDIC have authority over regarding COPPA enforcement?

Enforcing penalties for non-compliance with COPPA regulations

What should be done if the institution participates in an FTC-approved, self-regulatory program?

No further examination is necessary

What is the first step to determine if an institution is subject to COPPA?

Determine if the institution operates a website directed to children

What should be done if the financial institution does not operate a website directed to children and does not knowingly collect personal information from a child online?

No further examination is necessary

What should be considered when assessing the quality of compliance risk management as it pertains to COPPA?

Frequency of compliance monitoring

What is the purpose of identifying weaknesses in compliance management policies, procedures, or controls?

To require effective corrective actions when deficiencies are identified

What should be done after discussing findings with management regarding compliance with COPPA?

Obtain a commitment for corrective action, as necessary

What is the role of the Board of Directors in compliance risk management as it pertains to COPPA?

Adoption of policies and procedures

Why is knowledge level of management and staff considered when assessing compliance risk management?

To ensure effective implementation of COPPA regulations

What determines whether further examination is necessary if an institution participates in an FTC-approved, self-regulatory program?

Participation in an FTC-approved program only

What action should be taken if weaknesses in compliance management policies or controls are identified?

Require effective corrective actions when deficiencies are identified

What should be considered when assessing the quality of an institution’s training program as it pertains to COPPA?

Training effectiveness