[Sigia-l] SUMMARY: COPPA & getting parental consent

Janna Hicks DeVylder janna at devylder.com
Mon Aug 5 10:49:52 EDT 2002 

Again, apologies for the cross-listing.

On 07.25, I asked if anyone had suggestions on how to 'cope' with COPPA (see
my original post at the end).

Thanks to all for your replies, and sorry for the delay in mine. The problem
we're ultimately facing is that a teacher is supplying the information about
the student initially, not the student, nor the parent. While the FTC does
interpret the law to suggest that teachers may act as a proxy for parents in
such cases, our lawyers aren't so willing to stand on such an
interpretation. It looks like we're now going to 'require' that the teacher
knows the ages of his/her students, and have to deal with under 13 kids
differently than the older ones, and allow the teacher to supply only
non-identifying information about the younger students. This has now become
an effort to figure out a way to meet our system requirements, but not have
to take on the administrative burden of collecting consent. Now, the big
burning question is how we do that in a clean way.

If any other thoughts come your way, please contact me directly.

Thanks
Janna Hicks DeVylder

-------------------------------------
(personally my favorite solution...)

You could ask if they know a Flock of Seagulls. That seems to be a decent
dividing line... 
:) 

Cinnamon 

Cinnamon Melchor | Sapient

-------------------------------------
Hi Janna,

As I recall, when I had to do this with a previous company, the
essence of compliance was about making "reasonable efforts" (wording
from the policy itself). We had a form in which the student and/or
teacher who was signing up for our site had to enter the parent's
email address, and then we sent the parents an email saying "do you
consent?" They were able to click through to a form that said Yes or
No and then by submitting that form, they were providing consent.

Could the students/teachers lie about the parent's email address? Of
course, but it wasn't our problem -- we made "reasonable efforts" to
comply. There's no way we could confirm the validity of the email any
more than you can be sure that the person who signed the faxed form
is really the parent.

The email address/response form combo did help automate the consent
process. If most of the people signing up are _parents_, as opposed
to _students_, you could reasonably expect that they would put actual
parent email addresses in.

Hope this helps.
Amy Laskin

-------------------------------------
I am not sure if this directly answers your question (it may not) but here
is an example from 1800flowers.com. Users themselves indicate that they are
over 18 by providing personal information. Though it may not solve your
question, I thought you might find it useful nonetheless.

Good luck!

Sarah Ingalls
Requirements, Analysis and Design
Hallmark.com

-------------------------------------
Hi Janna,

I don't have any direct advice for you. But we've found a way around this
before. When working on Tolerance.org we built a feature that let children
upload their poetry and artwork. We wanted them to be able to search for it
later on and so they had to provide information about themselves. But we
also had to comply with COPPA. We ended up finding a particular combination
of information that the users would remember and be able to search by
(which required modeling the search results carefully along with usability
testing) while that information is sufficiently vague that others couldn't
identify a child.

You can see it here:
http://tolerance.org/one_world/index.jsp

good luck,
Victor

-------------------------------------
I don't understand.

You have teachers providing information on the
children.  Won't the teachers be able to send forms home
with the children?  If not, won't the teachers have the
family's address?

I've done a bunch of studies involving children and have
never used a credit card number.

[Even if an adult comes in with a child, how do you know
for sure that the adult is the parent?  There has to be
some sort of trust involved]

-------------------------------------
ORIGINAL POST:

Sorry for the cross-listing.

I'm currently working on a site that will connect students to online
educational products. Because of the nature of the products, we will be
collecting some personal information about the students from the
teachers...nothing excessive, but personally identifiable information
nonetheless.  Because of COPPA (The Children's Online Privacy Protection
Act), we need to obtain consent from parents of children under 13.

Obtaining parental consent can be expensive, time-consuming, and
frustrating
for many involved (although I ultimately appreciate the merits of the act).
I'm wondering if any of you have come up with quick, clear ways to obtain
parental consent, other than using credit card information to verify adult
status. (How many of us would be willing to provide that information, even
if we are told, YOUR CREDIT CARD WILL NOT BE CHARGED.) We're currently
resigned to paper consents being either mailed or faxed in, but any
suggestions would be appreciated.

Send me your responses directly (janna at devylder.com) and I will post a
summary to the list.

Thanks,
Janna Hicks DeVylder

More information about the Sigia-l mailing list