COPPA (Children's Online Privacy Protection)

Summary

This article provides USNH community members an introduction to the Federal Privacy law entitled Children's Online Privacy Protection Act (COPPA). COPPA is a law that establishes a strict set of guidelines for online operations to protect the privacy of children under the age of 13.

Intended Audience: This article is intended for USNH administrators of websites or online services wherein a child under age 13 is providing personal information.

Content

The University of New Hampshire complies with the Children's Online Privacy Protection Act (COPPA) requirements. This Federal law defines users' rights and information management requirements applicable to the online collection and use of information from children under the age of 13. Certain University-sponsored events, including summer youth programs, camps, tours, and similar activities, may include participants under the age of 13, and the responsible events managers must understand and comply with the law's requirements. The information and documents provided here intend to assist events managers when compliance with the law is necessary. 

Events or other activities which specifically exclude the participation of children under the age of 13 or those where the participants' information collection is not done online are not required to comply with COPPA. However, the events managers and website operators should be familiar with the law's requirements in all cases.

The key COPPA requirements for UNH are:

• The institution must post an online privacy policy describing its information practices for online personal information from persons under 13.  The USNH Privacy Policy  fulfills all USNH institutions' requirements. 
• Events Managers and other website operators must provide direct notice to parents of the operator's practices regarding collecting, using, or disclosing personal information from persons under 13, including notice of any material change to such practices to which the parents have previously consented.
• Events Managers and other website operators must obtain verifiable parental consent to collect, use, and/or disclose personal information from persons under age 13.
• Events Managers and other website operators must provide means for a parent to review the personal information collected from their child and refuse to permit its further use or maintenance.
• Events Managers and other website operators must have procedures to protect the confidentiality, security, and integrity of the personal information collected from children under the age of 13. Including taking reasonable steps to disclose/release such personal information only to parties capable of maintaining its confidentiality and security.
• Events Managers and other website operators must retain personal information collected online from a child only as long as is necessary to fulfill the purpose for which it was collected. The information shall be deleted using reasonable measures to protect against unauthorized access or use.
• Events Managers and other website operators may not condition a child's participation in an activity on the child providing more information than is reasonably necessary to participate in that activity.

Further Readings

Handle Data with Care

USNH Privacy Policy 

General Cybersecurity Services

Complying with COPPA: FAQ - The Federal Trade Commission 

Need additional help?

Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request.  For password issues you must call or visit the Help Desk in person.