Summary

This article provides University System of New Hampshire (USNH) community members with an introduction to the Children’s Online Privacy Protection Act (COPPA), a federal privacy law that applies to certain online activities involving children under the age of 13.

Intended Audience: USNH community members who manage or support websites, online services, or event registration processes that collect personal information from or about children under the age of 13. 

Content

USNH complies with the Children's Online Privacy Protection Act (COPPA). This federal law defines users' rights and information management requirements applicable to the online collection and use of information from children under the age of 13. Certain USNH-sponsored events, including youth programs, camps, tours, and similar activities, may include participants under the age of 13, and the responsible event managers must understand and comply with the law's requirements.

Events or other activities that specifically exclude participation by children under the age of 13, or that do not involve the online collection of personal information, may not be subject to COPPA’s requirements. However, event managers and others responsible for websites or online services should be familiar with COPPA requirements.

The key COPPA requirements for USNH are:

• USNH must post an online privacy policy describing its practices for the online collection of personal information from persons under the age of 13. The USNH Privacy Policy fulfills this requirement for all USNH institutions.
   
• Event Managers and others responsible for websites or online services must provide direct notice to parents of children under the age of 13 regarding practices for collecting, using, or disclosing children’s personal information, including notice of any material changes to practices previously consented to.  USNH provides language for this notice at https://www.usnh.edu/policy/coppa-notice.
   
• Event Managers and others responsible for websites or online services must obtain verifiable parental consent before collecting, using, or disclosing personal information from or about children under the age of 13.
   
• Event Managers and others responsible for websites or online services must provide parents with a way to review the personal information collected from their child and to prevent its further use or retention.
   
• Personal information collected from children will be retained only as long as reasonably necessary to fulfill the purpose for which it was collected, including supporting ongoing or potential future participation in institutional programs.
  
  Retention will be based on documented business or operational needs and reviewed periodically. When no longer required, the information will be securely deleted.
   
• Event Managers and others responsible for websites or online services must retain personal information collected online from a child only as long as necessary for the purpose for which it was collected. The information must then be deleted using reasonable measures to protect against unauthorized access or use.
   
• Event Managers and others responsible for websites or online services may not condition a child’s participation in an activity on the child providing more information than is reasonably necessary to participate in that activity

Please see the PDF document attached to this article for additional resources for Event Managers.

Further Readings

Handle Data with Care

USNH Privacy Policy  

General Cybersecurity Services

Complying with COPPA: FAQ - The Federal Trade Commission (External)

Need additional help?

Submit a General Cybersecurity Services request.

Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request.  For password issues you must call or visit the Help Desk in person.