Coping with COPPA

Have you joined the latest summer camp trend of having a website with interactive features such as chat rooms, message boards, e-commerce, and content written by campers?

Well, it's important to realize that along with the benefits of these features comes the responsibility of complying with the Children's Online Privacy Protection Act (COPPA).

Many camps, even those with the best of intentions that vigorously guard the privacy of their campers, have been unknowingly violating COPPA.

In order to comply with COPPA a website must institute a series of significant procedural and technological safeguards, and provide explicit information to its users.

Violations of COPPA can result in Federal Trade Commission enforcement actions and civil fines of up to $11,000 per violation. In fact, the Federal Trade Commission recently has increased its efforts to investigate websites that are not COPPA-compliant.

COPPA applies to all websites that collect personal information (such as name, address, email and other contact information) from children under 13, or that allow children to post information (through chat rooms, message boards, etc.). Thus, even if you restrict certain areas of your website to your camp community only, or even if you monitor chat rooms closely and do not give personal information of your campers to outsiders, your website still may be subject to the rules of COPPA.

You should not necessarily abandon the idea of message boards and children's content just because of COPPA. But you should be very careful to institute all of the safeguards required by the rules. For example, at, the websites and interactive online features we provide to summer camps have been carefully developed to comply strictly with COPPA's many rules.

To introduce you to some of the basic COPPA rules, the following summarizes some –- but not all -– of the critical requirements:

• A website subject to COPPA must have a privacy policy that provides certain explicit information, including an explanation about the collection, use and display of personal information. There must be a prominent link to the privacy policy on a website's homepage and on any other page where personal information may be collected from children.

• A website cannot collect personal information from a child, or allow a child to post anything on its site, unless the website has received verifiable consent from that child's parent or guardian. Verifiable consent can be obtained by receiving signed parental consent or by verifying a parent's credit card number.

• If a parent revokes their previous consent for a child to use message boards and/or chat rooms, the website must have the technology to reverse the child's ability to access these features.

If you are interested in more information on COPPA, you should visit the Federal Trade Commission's website at Also feel free to review's privacy policy at to see how Bunk1 complies with COPPA.

Michael Steinig is general counsel and director of business development for and graduated with honors from Harvard Law School. This article is for informational purposes only and is not intended to constitute legal advice.

Bryan BuchkoComment