The Federal Trade Commission voted unanimously this week to keep
the July 1, 2013, compliance date for the new COPPA Rule. Representatives from several
industry groups had asked the FTC to delay the compliance date to
give businesses more time to make the changes necessary to comply
with the new Rule. However, in a letter to these representatives, the FTC
explained that businesses have been able to follow the rulemaking
process for the past three years and that the new Rule was
announced in December 2012, leaving companies six months to study
the new Rule and make any necessary changes.
The FTC also stated that "the Commission will exercise
prosecutorial discretion in enforcing the Rule, particularly with
respect to small businesses that have attempted to comply with the
Rule in good faith in the early months after the Rule becomes
effective. Further, the Commission follows a policy for reducing,
or in appropriate circumstances waiving, civil penalties for
violations of a statutory or regulatory requirement by a small
The FTC reminded businesses that it has set up a hotline at CoppaHotLine@ftc.gov so that businesses can ask
specific questions about the new Rule and recently updated its COPPA FAQs to include information about the
California Considering a Bill Requiring Removal of
Personal Information from Children's Social Media
The California Senate has approved Senate Bill 501, which, if enacted, would
provide significant fines for social networking sites that fail to
remove the personal information of a child within 96 hours of
receiving such a request. The bill provides that "a social
networking Internet Web site shall remove the personal identifying
information of a registered user in a timely manner upon his or her
request. In the case of a registered user who identifies himself or
herself as being under 18 years of age, the social networking
Internet Web site shall also remove the information in a timely
manner upon the request of a parent or legal guardian of the
A request submitted by a registered user must include sufficient
information to verify the identity of the user and must specify any
known location of the information that is the subject of the
A social networking site that willfully and knowingly violates
any provision of the bill would be liable for a civil penalty of up
to $10,000 for each violation.
"Personal identifying information" is defined as a
person's address, telephone number, driver's license
number, state identification card number, Social Security number,
employee identification number, mother's maiden name, demand
deposit account number, savings account number, or credit card
number. "In a timely manner" is defined as within 96
hours of delivery of the request.
According to the Los Angeles Times, several companies,
including Google, Zynga, and Tumblr, oppose the bill and sent a
letter to the bill's sponsor, calling the proposal unnecessary,
unworkable, and in violation of teenagers' free-speech rights.
The bill now goes to the California State Assembly.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Kentucky is now the 47th state with a data breach notification law, a development that should be of interest not only to Kentucky-based entities, but also to entities that do business in Kentucky and have personal information about its residents