* Chad Roseburg (croseburg@ncrl.org) wrote:
We are planning to use the self-registration feature.
How do you deal with patrons under 13 and COPPA?
Thanks!
Hi Chad How do you deal with them now? IE how do you register a child patron currently? Do you have a policy for verifying their age? Does your library have a privacy policy published already? If so I think (you'd wanna check it with your friendly lawyer) that you have to document how you will verify their age and that no information will be retained if you cannot verify it. "The act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13" "Site operators must post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from persons under age 13; Make reasonable efforts (taking into account available technology) to provide direct notice to parents of the operator’s practices with regard to the collection, use, or disclosure of personal information from persons under 13, including notice of any material change to such practices to which the parents has previously consented; Obtain verifiable parental consent, with limited exceptions, prior to any collection, use, and/or disclosure of personal information from persons under age 13; Provide a reasonable means for a parent to review the personal information collected from their child and to refuse to permit its further use or maintenance; Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected from children under age 13, including by taking reasonable steps to disclose/release such personal information only to parties capable of maintaining its confidentiality and security; and Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use. Operators are prohibited from conditioning a child’s participation in an online activity on the child providing more information than is reasonably necessary to participate in that activity." So it looks to me like you have to put a bunch of policies in place, and document them in your privacy policy. Chris
-- Chad Roseburg Asst. Director / IT Automation Dept. North Central Regional Library _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- Chris Cormack Catalyst IT Ltd. +64 4 803 2238 PO Box 11-053, Manners St, Wellington 6142, New Zealand