Knowledge Based Authentication Satisfies COPPA

Happy New Year!  We ‘re heading into our 5th year of doing this blog. I am convinced that we’ll get it right eventually.

And speaking of getting it right, the FTC recently approved an alternative authentication method for satisfying the parental consent requirement under the Children’s Online Privacy Protection Act. That law, also known as “COPPA” requires Web sites that are geared to children under age 13 to obtain parental consent before children provide personally identifiable information. And since the consent is provided in virtual form, the question is how to verify it’s legit. For readers who are not parents, please note that some kids (not any of my four mind you) lie about things occasionally. 

A company called Imperium has developed a program that allows Web sites and mobile apps to verify parental consent for COPPA purposes. It’s a program that requires the parent to provide answers to challenge questions before the child can proceed on the site. The challenge questions have answers known only to the individual. While the FTC has listed certain approved verification methods, it also allows the use of methods not on the list, if the FTC approves it on a case by case review. Imperium submitted its program to the FTC in August, and it got the thumbs up in late December. 

You’ve probably used similar technology on other Web sites.  I’ve seen questions like “pet’s name” “favorite rock band” and “high school.”  Which means my kids (all of whom are beyond 13) could probably have answered those questions for me. If you’re a parent of someone under 13 and you want to limit the kid’s access Web sites, you may want to select some more obscure questions. Or just make up answers.