James S. Huggins' Refrigerator Door: Click here to go to my Home Page. coppa cabana, childrens' online privacy protection act, coppa privacy statement, qwerty
.
FTC Kidz Privacy Campaign

COPPA Cabana

Child Privacy Notice for
James S. Huggins' Refrigerator Door

 

What Is This Page?

This page is a notice, required by COPPA, related to information practices of this site regarding personal information and privacy of children. This page also provides background and impact information regarding COPPA.

Other Privacy Pages On My Site

General Privacy Page

The general privacy page provides an overview of all of my privacy policies. Although it is lengthy and thorough, I still think it is easy to read. You might even find a bit of humor if you look for it.

It also provides links to my specific privacy pages including:

CIPEATone

On Wednesday, 26.Jul.2000, Senators Spence Abraham, John McCain and John Kerry introduced the Consumer Internet Privacy enhancement Act (CIPEA). This proposed legislation never made it into the law. But I used the law as a model to construct a privacy statement which would comply. I did it as an exercise in learning more about privacy principles.

I have created a CIPEAprivacy disclosure page (which I call CIPEATone) to clarify the the notices proposed by CIPEA(Consumer Internet Privacy enhancement Act). All of the disclosures on the CIPEATone page are functional duplicates of disclosures on my privacy page, but they have been "organized" according to the structure of CIPEA. This page also provides background and impact information regarding CIPEA and links to other articles and resources for CIPEA.

OECD Privacy Statement

A long, long time ago, on 23.Sep.1980, the Organization for Economic Co-operation and Development, (OECD), issued Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

(Did you notice that date? 1980!! Privacy issues are not new.)

Recently OECD created the OECD Privacy Statement Generator to help organizations create privacy statements to post on websites.

I have created an OECD Privacy Disclosure page (which I call OECD Privacy-D) to stipulate how this site complies with the seven privacy principles.

All of the disclosures on the OECD Privacy-D page are functional duplicates of disclosures on my privacy page, but they have been "organized" according to the structure of the OECD Privacy Principles. This page also provides background and impact information regarding the OECD Privacy Guidelines links to other resources for the OECD Privacy Guidelines.

A Summary

Understand that you have to read this entire page to obtain the complete disclosure required by COPPA. But, the important parts are:

  • I do not solicit "personal information" from children.
     
  • I request that children not provide me with "personal information".
     
  • If I receive "actual knowledge" that a child has provided "personal information", I delete that information

When Did COPPA Happen?

On 21.Oct.1998, the U. S. Congress passed COPPA: the Children's Online Privacy Protection Act of 1998. The act required the FTC (Federal Trade Commission) to enact rules to administer the act by 21.Oct.1999. The FTC did that and published the final rule in the Federal Register on 03.Nov.1999. The final rule became effective on 21.Apr.2000.

Where Are the COPPA Rules?

You can see a copy of the final rule, published by the FTC, together with a complete discussion (in beautiful, bureaucratic legalese) of the rule at www.ftc.gov/os/1999/10/64fr59888.pdf.

What Sites Does COPPA Apply To?

COPPA applies to

  1. websites or online services "targeting" children, and also to
     
  2. websites or online services who have "actual knowledge" that they are collecting "personal information" from a child.

Interestingly enough, this site might fall into both categories. I'll explain more below.

In addition, COPPA only applies to commercial sites, and not to not-for-profit sites. The rules state, in part,

. . . where such website or online service is operated for commercial purposes, including any person offering products or services for sale through that website or online service . . .

. . . This definition does not include any nonprofit entity that would otherwise be exempt from coverage under Section 5 of the Federal Trade Commission Act (15 U.S.C. 45) . . .

So, is this a commercial site? I'll talk about that too.

What Does COPPA Require?

If COPPA applies, the website operator must:

  1. post prominent links on the website to a notice of how they collect, use, and/or disclose "personal information" from children;
     
  2. notify parents that they wish to collect information from their children and obtain parental consent prior to collecting, using, and/or disclosing such information;
     
  3. not condition a child's participation in online activities on the provision of more personal information than is reasonably necessary to participate in the activity;
     
  4. allow parents the opportunity to review and/or have their children's information deleted from the operator's database and to prohibit further collection from the child; and
     
  5. establish procedures to protect the confidentiality, security, and integrity of personal information they collect from children.

What Is a "Child"?

A child is any person less than 13 years old.

What Is "Personal Information"?

"Personal information" means individually identifiable information about an individual collected online, including:

  • A first and last name;
     
  • A home or other physical address including street name and name of a city or town;
     
  • An email address or other online contact information, including but not limited to an instant messaging user identifier, or a screen name that reveals an individual's email address;
     
  • A telephone number;
     
  • A Social Security number;
     
  • A persistent identifier, such as a customer number held in a cookie or a processor serial number, where such identifier is associated with individually identifiable information; or a combination of a last name or photograph of the individual with other information such that the combination permits physical or online contacting; or
     
  • Information concerning the child or the parents of that child that the operator collects online from the child and combines with another identifier described above.

Interestingly enough, one item of "personal information" that was not discussed anywhere within the federal regulations anywhere that I can find is the URL of a child's website! It seems that none of the the federal regulators nor none of the commenters considered that children might have their own websites.

In addition to all the information described above, this website considers the URL of a child's website to also be "personal information".

Is This Site, The Refrigerator Door, Affected?

That is a good question. And there is no simple answer. As I discussed above, I would be affected if I fit either of the two criteria:

  1. If I "target" children, or
     
  2. If I have "actual knowledge" that I am collecting "personal information" from a child.

Interestingly enough, this site might fall into both categories. I'll explain more

And, as I mentioned above, I would be affected only if this is a "commercial" website.

Does This Site "Target" Children?

I wouldn't have thought so. But consider these facts.

While developing my site I sought certifications from a variety of rating services and child safety programs to indicate that my site was safe for children. (These include Excalibur Realm, RSACi, Virtuosity.com Family Friendly Site, SafeSurf, Safe for Kids, and SOS's Operation Sandbox.

It turns out that the FTC may consider the fact that I tout my site as "child safe" as indicating that I "target" children.

For example, the rules state:

In determining whether a commercial website or online service, or a portion thereof, is targeted to children, the Commission will consider its subject matter, visual or audio content, age of models, language or other characteristics of the website or online service, as well as whether advertising promoting or appearing on the website or online service is directed to children. The Commission will also consider competent and reliable empirical evidence regarding audience composition; evidence regarding the intended audience; and whether a site uses animated characters and/or child-oriented activities and incentives.

In other words, the fact that I have all those cute little buttons posted on my Front Door saying I'm child safe, may work to convince the FTC that I'm targeting children.

In contrast, if I said "Hey, my site isn't suitable for kids and only adults should come here.", then I'd be less likely of being considered "covered" by COPPA.

Also, my site contains lots of factual information that a child may find of interest for doing research at school. I have, in fact, received emails from teachers either requesting information on a page they could not find or thanking me for assisting one of their students with a research project. This might also indicate to the FTC that I "target" children.

What "Personal Information" Does This Site Collect?

In addition to the question of whether I "target" children, the other issue is whether I have "actual knowledge" that I collect "personal information" from children.

I offer three opportunities for people visiting my site to give me "personal information":

  1. Anyone can email me and tell me anything they want. Their email would include their email address. And it might include other "personal information".
     
  2. Anyone can sign up for my email/ezine lists (e.g., Snippets and TestZine) giving me their email address (which is "personal information").
     
  3. Anyone can sign my Guestbook, again, telling me anything they want (including "personal information").
     
  4. Anyone can apply to join one of my webrings. In joining a webring, whether hosted by my, on my site, using the Ringlink system or hosted elsewhere (e.g., on the RingSurf or WebRing.com systems), the applicant would, at a minimum, disclose email address and URL information.

According to the rules, if I have "actual knowledge" that the information comes from a child (someone younger than 13) then I would also be subject to COPPA, even if I don't "target" children.

Let's look at each of these three individually and see what COPPA says.

email

If a child emails me and asks me a question, s/he may or may not disclose age. If the child does not disclose age, then I have no reason to be concerned.

But if I do learn age, and if it is less than 13, then I am permitted by COPPA to answer, once. This particular event is covered by a specific exception. But it also requires that I delete all records of the child (e.g., the email address).

[What doesn't seem to be specified anywhere in the act is what happens if my seven year old niece writes me an email. Does the fact that I operate a website suddenly make my online communication with my family subject to federal law? Do I need to solicit formal approval from my brother and keep a written record? I act on the presumption that COPPA does not cover personal email I receive from children I know personally.]

Signing Up for My email/ezine Lists

This also discloses "personal information": the email address. Now, prior to COPPA I wouldn't have ever known that the subscriber was a child. Thus I would never have "actual knowledge" and wouldn't have been concerned.

Cool, huh. The less I know, the easier it is.

Signing the Guestbook

Wow. Turns out this one is a real Pandora's Box. All the information in the Guestbook is optional. I even added the Guestbook at the request of people writing me. Yet, the fact that a child might disclose "personal information" in my Guestbook might make me subject to COPPA.

Now, if I never read my Guestbook, I'd never have "actual knowledge" and I'd be ok.

And, if I somehow "knew" that the poster was under 13 and deleted the post before it actually posted I'd be ok.

But, I only review my Guestbook when I have time. By the time I review it, some 12 year old could have signed it, said they were 12, given their email address, name, phone number and any other "personal information" they want. So, looks like on this one I am subject to COPPA.

Applying to a Webring

Webrings are communities of websites, united by a common interest and organized into a circular "ring" of mutual links, together with some technology to make it all work. Links on each page permit you to go from site to site, to travel the entire webring, eventually returning to the page from which you started. Links also permit you to access the list of member sites and to join the webring.

(This definition is from my Webring FAQ, part of the Webring Section of my website.)

This information is fundamental to the operation of a webring. It can't work without it.

Is This a "Commercial" Website?

Consider again the language from the rules:

. . . where such website or online service is operated for commercial purposes, including any person offering products or services for sale through that website or online service . . .

I use this site to promote my professional speaking business. I use this site to promote my consulting business. I use this site to host my resume. I use this site to obtain thirty cents of revenue when you sign up for some newsletters on my Links page. I link to booksellers and participate in their affiliate program to receive some revenue if people buy a book.

Although making money is not the primary purpose of this site, I wouldn't want to argue in a court of law that I am not commercial.

And, I am not a not-for-profit organization, so I'm going to presume I am covered.

Obtaining Parental Permission

COPPA requires that if I "target children" or if I have that "actual knowledge" that I am collecting "personal information" from children that (except for a couple special cases), I must obtain parental permission to collect and maintain that information.

Man. What a pain. Modify forms to ask for parent contact info. Then contact parents through the mail. Then get the info. And institute some system to keep out 12 year olds that haven't been "approved". Of course, I'd need a system to let parents inspect the records. And don't forget to keep all the files for government audits and inspections.

Or, subscribe to one of the commercial services that has sprung up to make a lot of money helping websites comply with COPPA.

All that might make sense for a big commercial site. But, why oh why would I want to worry about that. I don't. There's no point. None. Zip. Zero.

Surely It Isn't That Difficult to Comply

Consider these quotes from the media about compliance costs:

For SurfMonkey.com Inc. ( www.surfmonkey.com   ), a community site for children, the cost is $50,000 to $100,000 -- so far. For ECrush.com Inc. (www.ecrush.com), the expense was simply too high. The teen-romance Web site has begun turning away children under 13. (Click here.)

[Talking about Perry Aftab, an attorney with Aftab & Savitt in Springfield, N.J.] Aftab's services don't come cheap. She charges clients a $10,000 flat fee to audit their child-privacy practices. Aftab estimates that it will cost her clients between $60,000 and $100,000 a year to meet COPPA standards.  (Click here.)

Through her nonprofit organization, Wired Kids (www.wiredkids.org), Aftab plans to offer sites a lower-cost option for complying with COPPA: For an annual fee of up to $20,000, the group will confirm parents' permission for sites. (Click here.) [NB: $20,000 is a "lower-cost option"?]

Just ask the folks at Zeeks.com, who spent three months and more than $150,000 to get their Web site to comply with the Children's Online Privacy Protection Act (COPPA) of 1998. The reward for that effort was a 20% decline in traffic.  (Click here.)

"This legislation is a logistical nightmare," Jennifer Widstrom, director of EmailAbuse.org, a nonprofit group that fights spam, said in a statement issued Friday. "Companies will have to devote excessive, costly resources to comply with this legislation, while indirectly encouraging children to lie about their age."  (Click here.)

Solution: No Solution

The only solution that makes sense for me is to not collect "personal information" from children.

Overall Policy

My overall policy is simple:

I will not knowingly collect nor knowingly maintain "personal information" from children.

That Seems extreme.
Has Anyone Else Done This?

Yep. They have.

Sites that have stopped serving children include:

  • ECrush.com
     
  • Thomas the Tank engine
     
  • eMail.com (a service of NBC Internet)
     
  • Sony's game site

Or consider:

Last week, the nation's first online privacy law the Children's Online Privacy Protection Act went into effect, and the results weren't entirely pretty: The law left many Web businesses that cater to kids confused. As a result, many decided to simply stop dealing with children age 13 and younger.  (Click here.)

And one more:

"Complying with COPPA is not trivial," says Peter Rowe, executive vice president of development and co-founder of Zeeks.com. "You have to have a clean site, gathering no information whatsoever, to be safe."  (Click here.)

I include a number of links at the end of this page to articles about COPPA. Some of these describe the actions sites are taking. And they also describe the problems of encouraging children to lie. (That's what we call a "teaser"; it is supposed to keep you reading.)

How Has This Site Implemented This Policy?

I have implemented this policy in two ways.

  • First, I now tell children not to give me personal information.
     
  • Second, if they give me personal information even though I tell them not to, and if I obtain "actual knowledge" that they are children, I delete the information.

In particular, I have implemented these policies through directed changes and statements on the various affected pages of my site (e.g., my email/ezine lists (e.g., Snippets and TestZine), my Guestbook page, my webrings pages and my page providing email addresses).

Implications for My Email/Ezine Pages

I now ask the visitor their age. If the visitor clicks the "12 or younger" button, I tell the visitor I cannot subscribe him/her. If the visitor clicks the "13 or older" button, I tell the visitor how to subscribe.

In addition, if a visitor lies about being "13 or older", subscribes and I subsequently discover it, I unsubscribe them.

I have also posted prominent information about COPPA and prominent links to this page.

Implications for My Guestbook Page

I ask the visitor their age. If the visitor clicks the "12 or younger" button, I tell the visitor not to give me "personal information". Also, in that case, I use a special version of the form on which I removed the parts of the that asked for "personal information".

If the visitor clicks the "13 or older" button, I give the visitor the "complete" subscription form.

I have also posted prominent information about COPPA and prominent links to this page.

On the actual "form" which accepts Guestbook data, I have, to the extent I can, included links to this page. The actual "form" does not reside on my site and my ability to include such links is severely limited. However, I've done everything I can there to include such information.

Implications for My Webrings Pages

Overall

First, I have established a policy of not accepting webring members who are younger than 13 (or, in the case of webrings on the RingSurf system, younger than 14).

If I discover a member who violates these provisions, I delete the membership.

RingSurf

For my RingSurf based webrings, I enforce these provisions by asking for age as part of the join process.

I have also posted prominent information about COPPA and prominent links to this page each of my webring data collection pages for my RingSurf webrings.

Ringlink

For my webrings using the Ringlink system, I cannot easily inquire about age during the signup process (because I cannot easily modify the system), so I have modified the confirmation email to inquire about age.

WebRing.com

For my webrings within the WebRing.com system, I rely on the WebRing.com system to prescreen. Currently, that system will not create an account for someone less than 13 years old.

(Note that the WebRing.com system does not provide information about this. And, it does not even provide an error message if an individual less than 13 years old attempts to create an account. It even provides a confirmation page to say that the account is created. But, in fact, account creation does not occur in such cases and attempts to log in with such an account will fail.)

General Site Changes

Finally, I have posted links to this page in the left menu column on every page in my webrings sections, even on pages that do not collect information.

Implications for My email Contact Page

I have posted prominent information about COPPA and prominent links to this page from my page providing email addresses.

And, I have posted links to this page in the left menu column on that same page.

This information states my policy of complying with the "one time use" exception for email from children under 13.

Can Children "Cheat"?

Absolutely. The law may even encourage it. (See the Widstrom quote on this page above.)

Despite hours of hearings, tens, maybe hundreds of thousands of tax dollars spent in legislating the act and finalizing the rules, despite hundreds of thousands of dollars being spent on sites to comply, nothing in the act, and nothing in the rules, deals with the ingenuity of children.

The 12 year old (and 10 and 8 and 6 and 4) are smarter than anyone at the FTC or the U. S. Congress wants to admit. It will take children about five minutes to figure out that admitting they are under 13 means they either have to wait for their parent's permission, or, even worse, that they can't do some things. And it will only take another five minutes to figure out that a website cannot verify their answers and that there is no penalty for "lying".

Also, some children will use a second email address (theirs or a friend's) to "forge" their parents' permission.

Nothing in the act, the rules or the implementations will stop children from "cheating". Parents must act to help with this issue.

As an example, on my site, if a child posts an entry on my Guestbook, and says s/he is "13", then I proceed relying on that. If a child sends me an email and says s/he is "13", then I proceed relying on that.

Isn't That a Bit Cynical?

I don't think so. Consider these quotes from articles about children's reactions to the law.

Of course, nothing prevents mischievous children from lying about their age in order to avoid the parental consent requirement altogether or from masquerading as a parent via an alternative e-mail address. (Click here.)

Yet another [child's email to ECrush] sums up the challenges the Federal Trade Commission -- charged with pursuing offenders -- faces in enforcing the law: "I might as well lie about my age."  (Click here.)

"Trying to stop pre-teens from using the Web is like trying to nail Jell-O to the wall," wrote San Francisco public relations pro Nancy eckles. "each of them has a sister, a brother, a friend who has legit access. Lying will get the rest on."  (Click here.)

And as more kids get shut out from companies who decide they are not worth the trouble, they are not likely to appreciate COPPA. "It is not fair," wrote one young user about the law. "Why in the world does it make a difference if I am 12 or 13? What's the difference?"  (Click here.)

[Washington State Assistant Attorney General David Horn] described the recently adopted Child Online Privacy Protection Act as a complicated and difficult-to-enforce set of standards, which he suggested would be of limited value in protecting children.  (Click here.)

"Companies will have to devote excessive, costly resources to comply with this legislation, while indirectly encouraging children to lie about their age. Many children are going to magically have their thirteenth birthdays today."  (Click here.)

67% of 10-12 year olds said that, if they had to be 13 years old in order to do something on a website, they would simply say they were 13 in order to participate. (77% of all those surveyed said they would lie about their age).  (Click here.)

How Do Big Sites Comply?

For example, go to the Disney site to join their club at / disney.go.com/sign-in/index.html

Notice that the child gets to "choose". If the child chooses "less than 13", the parent's email is asked for and the parent is solicited for permission. If the child chooses "13-18", the parent email is asked for but the parent is only notified. If the child indicates "adult", no parental information is asked for.

However, again, notice that there is no way to ensure that the child answers "correctly".

What Does COPPA Require of This Site?

General Requirement 1
I must provide notice on this website of what information it collects from children, how it uses such information, and its disclosure practices for such information.

General Requirement 2
I must obtain verifiable parental consent prior to any collection, use, and/or disclosure of "personal information" from children.

General Requirement 3
I must provide a reasonable means for a parent to review the personal information collected from a child and to refuse to permit its further use or maintenance.

General Requirement 4
I must not condition a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity

General Requirement 5
I must establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of "personal information" collected from children.

In the sections below, I will review each of these requirements and how I comply with these requirements.

General Requirement 1

I must provide notice on this website of what information it collects from children, how it uses such information, and its disclosure practices for such information.

COPPA requires that I post a notice. That is what this page is for. This page is the notice.

Now, COPPA also specifies a boatload of requirements about the notice.

In particular, COPPA requires:

Notice Requirement 1
I must write the notice using clear and understandable language. I must not only make it complete, I must exclude unrelated, confusing, or contradictory materials.

Notice Requirement 2
If my site "targets" children, I must post a link to a notice of the information practices with regard to children on the home page of this website and at each area on the website where personal information is collected from children. If my site is a general audience website with a separate children's area, I must post a link to a notice of the information practices with regard to children on the home page of the children's area.

Notice Requirement 3
I must clearly label the link to the notice as a notice of the website information practices with regard to children.

Notice Requirement 4
I must place the link to the notice in a clear and prominent place and manner on the home page of the website.

Notice Requirement 5
I must place the link to the notice in a clear and prominent place and manner at each area on the website where children directly provide, or are asked to provide, "personal information", and in close proximity to the requests for information in each such area.

Notice Requirement 6
I must include, in the notice, the name, address, telephone number and email address of one "operator" who will respond to all inquiries from parents concerning the privacy policies and use of children's information. I must also include names of all other operators collecting or maintaining personal information from children through the website.

Notice Requirement 7
I must list the types of "personal information" collected from children and whether the personal information is collected directly or passively.

Notice Requirement 8
I must disclose how such "personal information" is or may be used, including fulfillment of a requested transaction, recordkeeping, marketing back to the child, or making it publicly available through a chat room or by other means.

Notice Requirement 9
I must disclose whether "personal information" is disclosed to third parties, and if so, the types of business in which such third parties are engaged, and the general purposes for which such information is used; whether those third parties have agreed to maintain the confidentiality, security, and integrity of the personal information they obtain from the operator; and that the parent has the option to consent to the collection and use of their child's "personal information" without consenting to the disclosure of that information to third parties.

Notice Requirement 10
I must disclose that I am prohibited from conditioning a child's participation in an activity on the child's disclosing more "personal information" than is reasonably necessary to participate in such activity.

Notice Requirement 11
I must disclose that the parent can review and have deleted the child's personal information, and refuse to permit further collection or use of the child's information, and state the procedures for doing so.

Now, let's review each of these requirements and how I comply with each one.

Notice Requirement 1

I must write the notice using clear and understandable language. I must not only make it complete, I must exclude unrelated, confusing, or contradictory materials.

I have had this notice reviewed by colleagues to confirm that it is clear and understandable. I have worked to ensure that it is complete, in compliance with both the letter of the law and implementing rules. And nothing in this notice is unrelated to the notice, nothing is confusing and certainly nothing is contradictory. I have even included additional explanatory and supplementary material related to COPPA. In other words, I've done more than any other site I've been able to find.

Notice Requirement 2

If my site "targets" children, I must post a link to a notice of the information practices with regard to children on the home page of this website and at each area on the website where personal information is collected from children. If my site is a general audience website with a separate children's area, I must post a link to a notice of the information practices with regard to children on the home page of the children's area.

As I have indicated earlier, I cannot with certainty determine which category this site falls into. And there are no provisions for the FTC to review my site and tell me. And I'm not planning to contract with one of the legal firms doing such reviews and pay them $10,000 fee for such a review. So I have elected to comply with "all" the requirements.

I have posted a link on the home page of my site. I have posted a link on the page for subscriptions to my email/ezine lists (e.g., Snippets and TestZine). I have posted a link on the page for my Guestbook. I have posted a link in the "menu column" of every page in the webrings section of my site. And I have posted a link on the page providing email addresses to contact me.

I have used text links, the FTC Website Kidz Privacy graphic (such as the one at the top of this page) and my own COPPA Child Privacy graphic to make each of these links distinctive.

Notice Requirement 3

I must clearly label the link to the notice as a notice of the website information practices with regard to children.

To assist with this labeling, I have used text links, the FTC Website Kidz Privacy graphic (such as the one at the top of this page) and my own COPPA Child Privacy graphic to make each of these links distinctive.

Notice Requirement 4

I must place the link to the notice in a clear and prominent place and manner on the home page of the website.

I have placed this link immediately beneath the other navigation bars on the page. I have used larger type and a different color to clearly distinguish the link. And I have used a graphic supplied by the FTC.

And, on the other pages (e.g, Guestbook, my email/ezine lists (e.g., Snippets and TestZine), webrings and my page providing email addresses, I've done the same.)

Notice Requirement 5

I must place the link to the notice in a clear and prominent place and manner at each area on the website where children directly provide, or are asked to provide, "personal information", and in close proximity to the requests for information in each such area.

On all such pages (e.g, Guestbook, my email/ezine lists (e.g., Snippets and TestZine), webring data collection pages and my page providing email addresses) I've included the graphic links in the left-hand navigation column and also at the bottom of the page in a prominent location.

Notice Requirement 6

I must include, in the notice, the name, address, telephone number and email address of one "operator" who will respond to all inquiries from parents concerning the privacy policies and use of children's information. I must also include names of all other operators collecting or maintaining personal information from children through the website.

I am the only operator.

The information required by the notice is: 

James S. Huggins
11150 Beamer Road #109-J2P
Houston, Texas 77089-2331

email me for my phone number which I keep off the site to reduce sales calls

also, click here for my email

Notice Requirement 7

I must list the types of "personal information" collected from children and whether the personal information is collected directly or passively.

I do not collect any "personal information" from children, unless such information is submitted by the child in contravention of stated policies of this site. Whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is promptly deleted.

Children, in violation of the stated policies of this site, could submit as "personal information" all items listed by the FTC (see above), their website URL (which I consider to be "personal information" but the FTC didn't list), plus anything and everything else. This is because the forum for submitting such information permits free form text entry.

Notice Requirement 8

I must disclose how such "personal information" is or may be used, including fulfillment of a requested transaction, recordkeeping, marketing back to the child, or making it publicly available through a chat room or by other means.

I do not collect any "personal information" from children, unless such information is submitted by the child in contravention of stated policies of this site. Whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is promptly deleted.

I do not "use" such information. Period.

"Personal information" submitted by "non-children" is used to:

Notice Requirement 9

I must disclose whether "personal information" is disclosed to third parties, and if so, the types of business in which such third parties are engaged, and the general purposes for which such information is used; whether those third parties have agreed to maintain the confidentiality, security, and integrity of the personal information they obtain from the operator; and that the parent has the option to consent to the collection and use of their child's "personal information" without consenting to the disclosure of that information to third parties.

I do not collect any "personal information" from children, unless such information is submitted by the child in contravention of stated policies of this site. Whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is promptly deleted.

I do not "use" such information. Period.

"Personal information" submitted by "non-children" is disclosed to:

No contractual obligations currently exist to maintain the confidentiality, security and integrity of "personal information" from children because I do not collect any "personal information" from children.

Oh, and one other thing: since I have the obligation to advise you that the parent has the option to consent to the collection and use of their child's "personal information" without consenting to the disclosure of that information to third parties, let me formally advise you that the parent has the option to consent to the collection and use of their child's "personal information" without consenting to the disclosure of that information to third parties.

Notice Requirement 10

I must disclose that I am prohibited from conditioning a child's participation in an activity on the child's disclosing more "personal information" than is reasonably necessary to participate in such activity.

I do not collect any "personal information" from children, unless such information is submitted by the child in contravention of stated policies of this site. Whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is promptly deleted.

However, since I must disclose that I am prohibited from conditioning a child's participation in an activity on the child's disclosing more "personal information" than is reasonably necessary to participate in such activity, let me state clearly and unequivocally that I am prohibited from conditioning a child's participation in an activity on the child's disclosing more "personal information" than is reasonably necessary to participate in such activity.

Notice Requirement 11

I must disclose that the parent can review and have deleted the child's personal information, and refuse to permit further collection or use of the child's information, and state the procedures for doing so.

I do not collect any "personal information" from children, unless such information is submitted by the child in contravention of stated policies of this site. Whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is promptly deleted.

But, I'm working hard to be absolutely compliant. So, because they insist that I must disclose that the parent can review and have deleted the child's personal information, and refuse to permit further collection or use of the child's information, and state the procedures for doing so let me say with all the conviction I can express that that the parent can review and have deleted the child's personal information, and refuse to permit further collection or use of the child's information.

The procedure for doing so is simple: do nothing. If the parent does nothing, I will automatically delete any "personal information" submitted by a child in contravention of stated policies of this site. Further, if the parent does nothing, no further information will be collected, unless, of course, posted by a child in contravention of the stated policies of this site.

But, if the parent of a child discovers that a child, through the use of deceit and deception and fraud and in contravention of the stated policies of this site has concealed their "childishness", and, in so doing has submitted "personal information", the parent may let me know by, provide sufficient information to ensure that they are the parent of that child, and make their request.

General Requirement 2

I must obtain verifiable parental consent prior to any collection, use, and/or disclosure of "personal information" from children.

I do not collect any "personal information" from children, unless such information is submitted by the child in contravention of stated policies of this site. Whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is promptly deleted.

Thus, I won't be requesting any verifiable parental consents.

General Requirement 3

I must provide a reasonable means for a parent to review the personal information collected from a child and to refuse to permit its further use or maintenance.

I do not collect any "personal information" from children, unless such information is submitted by the child in contravention of stated policies of this site. Whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is promptly deleted.

Because I do not collect any personal information from children, unless such information is submitted by the child in contravention of stated policies of this site, and because whenever I obtain "actual knowledge" that "personal information" has been collected from a child, such information is immediately deleted, there is generally no way for a parent to review the information collected.

For a parent to refuse to permit further use or maintenance, the parent should do nothing. If the parent does nothing, I will automatically delete any "personal information" submitted by a child in contravention of stated policies of this site. Further, if the parent does nothing, no further information will be collected, unless, of course, posted by a child in contravention of the stated policies of this site.

But, if the parent of a child discovers that a child, through the use of deceit and deception and fraud and in contravention of the stated policies of this site has concealed their "childishness", and, in so doing has submitted "personal information", the parent may let me know by, provide sufficient information to ensure that they are the parent of that child, and make their request.

General Requirement 4

I must not condition a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity.

I don't.

And, in compliance with Notice Requirement 10, I've explicitly disclosed this on this notice page.

General Requirement 5

I must establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of "personal information" collected from children.

I did and do. I delete the information.

Can you think of anything more secure?

Summary

My overall policy is simple:

I will not knowingly collect nor knowingly maintain "personal information" from children.


Site Rating Systems

I have strongly mixed feelings about the use of rating systems instead of parental supervision and monitoring. My opinions are not clearly formed. While I work on these opinions, I've chosen to go ahead and list my site as being family safe, child safe, etc.

We Rated With RASCi iClass AA Content Site for All Audiences (Child Safe) This site labeled with the Internet Content Rating Association
Safe for Kids CYBERsitter Approved  (Possible Bogus Certification) iWatchDog
Family-Friendly Site (Virtuosity.com) RAU Family Friendly Children Safety SafeSurf Rated All Ages
Touch of Love Family Safe Rated


Links On My Site

Privacy StatementPrivacy Statement: All the privacy disclosures for my site. 

CIPEA ToneCIPEATone: Information about and disclosures related to the Consumer Internet Privacy enhancement Act (CIPEA). 

OECD Privacy-DOECD Privacy-D: Information about and disclosures related to the OECD Privacy Principles. 

Links Across the Net

Center for Media Education, COPPA, The First Year, A Survey of SitesCenter for Media education: COPPA, The First Year, A Survey of Sites: A PDF report from April 2001 surveying COPPA compliance. Has useful examples and a discussion of practices that may actually encourage children to cheat. 

CNET News.com (29.Mar.2000), "Many Web sites will pay high price for children's data"CNeT News.com (29.Mar.2000) , "Many Web sites will pay high price for children's data": High prices to comply; large fines if you don't. 

CNN.com (25.Apr.2000), "Online child privacy act proves problematic for sites"CNN.com (25.Apr.2000) , "Online child privacy act proves problematic for sites": Some of the problems of compliance. 

CNET News.com (27.Apr.2000), "Child privacy law locks out some Hotmail members"CNeT News.com (27.Apr.2000) , "Child privacy law locks out some Hotmail members": The impact on Hotmail users. 

CNN.com (16.May.2000), "Net Privacy Law Costs a Bundle"CNN.com (16.May.2000) , "Net Privacy Law Costs a Bundle": expensive COPPA compliance. 

Electronic Privacy Information Center (EPIC) COPPA Pageelectronic Privacy Information Center (ePIC) COPPA Page: A good overview page that also provides current information on alleged violations.

Electronic Privacy Information Center (EPIC) COPPA Complaint Against Amazon.com (22.Apr.2003)electronic Privacy Information Center (ePIC) COPPA Complaint Against Amazon.com (22.Apr.2003): explains the substance of their complaint.

Federal Trade Commission: Final Rule on COPPAFederal Trade Commission: Final Rule on COPPA: A PDF file discusses the comments received, the rationale for the final rule and presents the final rule. If you are a webmaster, you should read these ninety (90!) pages of text.

Federal Trade Commission: Final Rule on COPPA (Federal Register Images)Federal Trade Commission: Final Rule on COPPA (Federal Register Images): A PDF file discusses the comments received, the rationale for the final rule and presents the final rule. This is exactly like the other PDF file immediately prior, except that this one presents images of the Federal Register and so the text is smaller and harder to read (and is only 29 pages).

Federal Trade Commission: Text of COPPAFederal Trade Commission: Text of COPPA: This HTML page contains the text of COPPA (not the FTC implementing rules).

GigaLaw.com (Jun.2000), "Living with the Children's Online Privacy Protection Act"GigaLaw.com (Jun.2000) , "Living with the Children's Online Privacy Protection Act": A primer on COPPA. 

GigaLaw.com (Oct.2000), "How the FTC is Enforcing the Children's Privacy Act"GigaLaw.com (Oct.2000) , "How the FTC is enforcing the Children's Privacy Act": A progress report. 

How to Comply With The Children's Online Privacy Protection RuleHow to Comply With The Children's Online Privacy Protection Rule: An FTC publication. A useful summary, but not a substitute for reading the complete rule and the explanation.

How to Protect Kids' Privacy OnlineHow to Protect Kids' Privacy Online: An FTC publication.

How to Protect Kids' Privacy Online (PDF)How to Protect Kids' Privacy Online (PDF): A PDF version of the same FTC publication.

JimWorld: PrivacyWorldJimWorld: PrivacyWorld: This section of JimWorld provides information on COPPA.

JimWorld: PrivacyWorld: For Further Reading About COPPAJimWorld: PrivacyWorld: For Further Reading About COPPA: This page on the JimWorld site includes a link back to this COPPA Cabana page you are reading now.   This site links back to my COPPA Cabana page from this page on the site.

KidsPrivacy.orgKidsPrivacy.org: A project of the Center for Media education (CMe). The site offers general information on COPPA.   NB: on 10.Apr.2003 this site appears to be unavailable. However, it is still listed on the CMe site. I've written for clarification. On 24.Dec.2003, the site is gone, the domain name has been snapped up by a domain name reseller and the CMe site is also gone.

Law.com (13.Apr.2000), "Cyberspace Privacy Policy Is Being Created in Internet Time"Law.com (13.Apr.2000) , "Cyberspace Privacy Policy Is Being Created in Internet Time":  Discusses the speed of the development of privacy policies in the online world.  (requires subscription; free trial available; see below)

Law.com (23.Jun.2000), "FTC's Reversal on Internet Privacy -- And What It Means"Law.com (23.Jun.2000) , "FTC's Reversal on Internet Privacy -- And What It Means": Discusses the policy change at the FTC from preferring self regulation to recommending Congress enact privacy laws.  (requires subscription; free trial available; see below)

Law.com (28.Apr.2000), "Is the Internet Safe for Consumers?"Law.com (28.Apr.2000) , "Is the Internet Safe for Consumers?": Discusses developing laws protecting consumers on the internet.  (requires subscription; free trial available; see below)

Law.com (17.Jul.2000), "Lawyers Wrestle With Online Privacy"Law.com (17.Jul.2000) , "Lawyers Wrestle With Online Privacy":  An exploration of the legal and business issues of online privacy. Part of the Legal Professionals section of Law.com.

Law.com (29.Oct.1999), "Minefields Hopscotch: Introduction To Web Site Privacy Law"Law.com (29.Oct.1999) , "Minefields Hopscotch: Introduction To Web Site Privacy Law": Provides an overview of privacy law on the net.  (requires subscription; free trial available; see below)

SF Gate (21.Apr.2000), "Youth Privacy Net Law Takes Effect, Many Web Site Operators Worry They'll Lose Money On Children's Market"SF Gate (21.Apr.2000) , "Youth Privacy Net Law Takes effect, Many Web Site Operators Worry They'll Lose Money On Children's Market":  Why some sites are abandoning the children's market. 

SmartGirl.comSmartGirl.com: An online privacy and safety survey. 77% said they would lie about their age to gain access.  

Wired News (20.Apr.2000), "Kids' Privacy an Act, or Action?"Wired News (20.Apr.2000) , "Kids' Privacy an Act, or Action?": Getting ready the day before COPPA goes live. 

Wired News (01.May.2000), "Protecting Kids, Here and There"Wired News (01.May.2000) , "Protecting Kids, Here and There": Some of the issues in protecting our children. 

Wired News (06.May.2000) , "FTC Spanks Kids Site on Privacy": One of the first COPPA enforcement actions. 

Wired News (13.May.2000), "COPPA Lets Steam out of Thomas"Wired News (13.May.2000) , "COPPA Lets Steam out of Thomas": How COPPA is ending child access on some sites. 

ZDNet Inter@ctive Week (16.Mar.2000), "The COPPA Is Not Patrolling the Net"ZDNet Inter@ctive Week (16.Mar.2000) , "The COPPA Is Not Patrolling the Net": A brief discussion before the act became effective. 

ZDNet News (13.Mar.2000), "COPPA: Locked, loaded, patrolling the Net"ZDNet News (13.Mar.2000) , "COPPA: Locked, loaded, patrolling the Net": Getting ready for the implementation. 

ZDNET News (20.Apr.2000), "Sites Brace for COPPA Fallout"ZDNeT News (20.Apr.2000) , "Sites Brace for COPPA Fallout": A child (under 13) explains "I might as well lie about my age." as sites drop support for children. 

ZDNet News (24.Apr.2000), "COPPA Cost Too High For Some Sites"ZDNet News (24.Apr.2000) , "COPPA Cost Too High For Some Sites": Discusses how sites are abandoning children as a result of COPPA. 

ZDNet News (24.Apr.2000), "COPPA kicks up controversy"ZDNet News (24.Apr.2000) , "COPPA kicks up controversy": A discussion about whether COPPA will work. 

ZDNet News (04.May.2000), "Parents' Net 'dreams and nightmares'"ZDNet News (04.May.2000) , "Parents' Net 'dreams and nightmares'": Parents surveyed say they fear the net and at the same time are positive about it's potential. 

ZDNet News (04.May.2000), "digitalcapital: FastFacts"ZDNet News (04.May.2000) , "digitalcapital: FastFacts": New studies show that computers and the Internet are giving parents and kids something new to disagree about. 

ZDNet News (22.May.2000), "Are tech-savvy kids controllable?"ZDNet News (22.May.2000) , "Are tech-savvy kids controllable?": New studies show that computers and the Internet are giving parents and kids something new to disagree about. 


Law.com

Most of the Law.com links shown require a subscription. (Note that at least one does not require a subscription and is free.) However, Law.com offers a free 30-day trial subscription and the option to bill. Using this option web visitors can, on a one time basis, access the site to see these articles, as well as search for other articles and read new articles for 30 days without charge.

The extra text menu links (previously here) are being removed in the site redesign.
Browser and search engine improvements have eliminated the motivation/necessity for them.

This page created:
before
Wed, 16.Aug.2000

Last updated:
16:16, Sat, 10.May.2014

. . .

NOTICE --- SITE  UNDERGOING REWRITE - SEE LINK BELOW FOR DETAILS

 Explanation of the rewrite: New Page Layout.
 Check out my blog: My Ephemerae
 Yes ... I want you to link to my site Please link to me
 Want to email me? I'd love to hear from you.
 I have begun tutoring in the South Houston, Texas area.

. . .
coppa cabana, childrens' online privacy protection act, coppa privacy statement, qwerty . . . coppa cabana, childrens' online privacy protection act, coppa privacy statement, qwerty