Does your concept have a “kids club”? Do you have a loyalty club that allows customers to sign up for special deals or coupons? If so, you should already be aware of and compliant with the requirements of the Children’s Online Privacy Protection Rule (the COPPA Rule) which was mandated under the Children’s Online Privacy Protection Act of 1998 (COPPA). The COPPA Rule requires, among other things, that operators of websites and other online services that are directed to children under the age of 13 or who have actual knowledge that they are collecting personal information from children under 13 give notice to parents that they are doing so and get the parents’ consent before collecting, using or disclosing the child’s personal information.

On December 19, 2012, the Federal Trade Commission released information regarding an amendment to the COPPA Rule. The amendment, which will become effective July 1, 2013, incorporates changes that the FTC believes are “necessary to keep up with evolving technology and changes in the way children use and access the internet, including the increased use of mobile devices and social networking.” The thrust of the amendment is aimed at closing a loophole through which third parties were able to skirt the parental notice and consent requirements by not collecting names and addresses of children but using plug ins, kid-directed apps and other websites to collect persistent identifiers (for example, IP addresses, mobile device IDs, geolocation information, photographs and videos) that the FTC felt were the types of “personal information” that COPPA was intended to protect.

The amendment will be of particular importance to franchisors who specifically market to children under the age of 13 or who use or contract with vendors who use these types of persistent identifiers. But even for those who don’t, the amendment is a good reminder to check your company’s compliance with COPPA and the COPPA Rule. Proper protocols should be in place to guard against collecting information directly from children or, if you want children to be able to participate directly in your online services, you must be sure that you comply with COPPA and the COPPA Rule. This includes, for example, getting appropriate verifiable parental consents before collecting personal information from the child, providing the required parental notices (including what information you collect, how you use it and the parent’s right to examine the information and refuse its further use), posting a prominent and clearly labeled link to an online notice of your information practices with regard to children on your home or landing page and at each area of your website where personal information is collected from children, and establishing reasonable procedures to protect confidentiality of the information, its retention and ultimate deletion.