[Koha] COPPA and self registration

Fri Jan 6 13:22:59 NZDT 2017

* Chad Roseburg (croseburg at ncrl.org) wrote:
>We are planning to use the self-registration feature.
>
>How do you deal with patrons under 13 and COPPA?
>
>Thanks!

Hi Chad

How do you deal with them now? IE how do you register a child patron
currently? Do you have a policy for verifying their age?
Does your library have a privacy policy published already?

If so I think (you'd wanna check it with your friendly lawyer)
that you have to document how you will verify their age and that no
information will be retained if you cannot verify it.

"The act, effective April 21, 2000, applies to the online collection of
personal information by persons or entities under U.S. jurisdiction from
children under 13 years of age. It details what a website operator must
include in a privacy policy, when and how to seek verifiable consent
from a parent or guardian, and what responsibilities an operator has to
protect children's privacy and safety online including restrictions on
the marketing to those under 13"

"Site operators must post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from persons under age 13;
Make reasonable efforts (taking into account available technology) to provide direct notice to parents of the operator’s practices with regard to the collection, use, or disclosure of personal information from persons under 13, including notice of any material change to such practices to which the parents has previously consented;
Obtain verifiable parental consent, with limited exceptions, prior to any collection, use, and/or disclosure of personal information from persons under age 13;
Provide a reasonable means for a parent to review the personal information collected from their child and to refuse to permit its further use or maintenance;
Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information collected from children under age 13, including by taking reasonable steps to disclose/release such personal information only to parties capable of maintaining its confidentiality and security; and
Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
Operators are prohibited from conditioning a child’s participation in an
online activity on the child providing more information than is
reasonably necessary to participate in that activity."

So it looks to me like you have to put a bunch of policies in place, and
document them in your privacy policy. 

Chris
>
>-- 
>Chad Roseburg
>Asst. Director / IT
>Automation Dept.
>North Central Regional Library
>_______________________________________________
>Koha mailing list  http://koha-community.org
>Koha at lists.katipo.co.nz
>https://lists.katipo.co.nz/mailman/listinfo/koha

-- 
Chris Cormack
Catalyst IT Ltd.
+64 4 803 2238
PO Box 11-053, Manners St, Wellington 6142, New Zealand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.katipo.co.nz/pipermail/koha/attachments/20170106/46e52a20/attachment.sig>