Children's Online Privacy Protection Act (COPPA)

The Children's Online Privacy Protection Act (COPPA) and the Federal Trade Commission's implementing regulation impose obligations on operators of commercial websites and online services directed to children younger than 13 that collect, use, or disclose personal information from children, as well as on operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. A financial institution should evaluate whether it, through its social media activities, could be covered by COPPA.

Certain social media platforms require users to attest that they are at least 13, and a financial institution using those sites may consider relying on such policies. However, the financial institution should still take care to monitor whether it is actually collecting any personal information of a person under 13, such as when a child under 13 manages to post such information on the financial institution's site.

A financial institution maintaining its own social media site (such as a virtual world) should be especially careful to establish, post, and follow policies restricting access to the site to users 13 or older, especially when those sites could attract children under 13. This may be true, for instance, in the case of virtual worlds and any other features that resemble video games.

Sources: FFIEC; COPPA