Learn about the legal and regulatory properties of PII based on the age of the individual.
- [Instructor] The collection and use of information about children under the age of 13 is regulated in the U.S. under COPPA, the Children's Online Privacy Protection rule that was enacted in 1998. Under COPPA provisions, parents have the right to review their children's PII that has been collected. They can also determine whether it can be stored or must be destroyed. COPPA also states that parents must be notified directly before collecting information about children.
Of course, that assumes that the online service or app provider knows the real age of the person subscribing to the service. I remember being in seventh grade. My friends and I fibbed about our age, always on the side of being older if it made sense to us in the moment. The PG-13 designation for movies was introduced in 1984, but I know that I took my own children to movies that they were deemed too young to watch. I suspect other parents have done the same. Are we training our children not to worry about age declarations? Human behavior changes little over time, I suspect that there are many children under 13 who happily affirm to being older so that they can use online sites.
Even when parents are notified that their underage child is trying to gain access to a website that will capture his or her information, how many of those parents will actually say no to their child's plea for permission? It may be more convenient or peaceful to allow the site to collect that underage information. Meanwhile, that underage information can be useful for creating an identity with a completely clear credit rating. Could that information be used for fraud in the future? Sites presumed to be safe can be guilty of violating COPPA.
Disney was slapped with a $3 million fine after some of its online games were charged with violations. According to the FTC records, some 821,000 children registered with Pony Stars from 2006 to 2010. An additional 400,003 children provided their information to some of the 19 other virtual worlds operated by Playdom, including 2 Moons, 9 Dragons, and My Diva Doll. If you can't trust Disney to protect our kids, who can you trust? Well, apparently, you can't trust all educational platforms.
InBloom, touted as super hot in the personalized training field, shut down in 2014 because of privacy concerns. Its software system tracked the biometrics of elementary-age children. It captured facial images and keyboarding activity to learn what interested children in lessons. FERPA, the Family Educational Rights and Privacy Act passed in 1974, classifies biometric data such as facial recognition as PII.
The minimum age for Facebook is 13, but again, who is checking? Especially if parents help the child register. This is a law and not a recommendation, like the PG-13 movie rating. One secondary consequence of lying about your age to get on Facebook is that all restrictions are lifted once the subscriber reaches 18. This means that someone 15 or younger could be considered adult because of entering false age information.
Just to clarify, Facebook only put parental constraints in place after a Federal Trade Commission consent decree forced the issue. Some online activities in this PII collection are limited to those who are at least 18 years old. Although most states restrict online gambling to those who are 21 or older, 13 states, Alaska, Idaho, Kansas, Maine, Minnesota, New York, North Carolina, Oklahoma, Rhode Island, South Carolina, Vermont, Washington, and Wyoming allow online gambling for 18-year-olds.
The 2016 Pew Research Center observed a big increase in the use of online dating sites and mobile apps for those between the ages of 18 and 24. They are now 27% of all subscribers in any age group and were only 10% of the total in 2013. 22% of them use these services. If you've ever checked out those sites, you know the kinds of questions asked, that's a lot of PII out there. There are also age restrictions on other online activities.
Shopping for certain products online requires age verification due to state and federal laws for the purchase of alcohol, tobacco, pharmaceuticals, and video games. Online banking restrictions vary based on national laws, with some allowing banking as young as 11. Still, verification remains a challenge, as does enforcement. In this lesson we have discussed some of the age-related restrictions for different online activities. Laws that protect children's PII include COPPA and FERPA.
Next we will look at U.S. laws regulating medical PII.
This course was created and produced by Mentor Source, Inc. We are pleased to host this training in our library.
- What is PII?
- Formal and informal capture
- Why is PII protected?
- Legal and regulatory influences
- High-profile PII breach cases: Medical, financial, and educational
- Global differences in PII use
- Protecting PII as an individual
- Best practices for organizations to protect PII