The first question to ask yourself is, who? This question includes who’s collecting your visitors’ info, who you’re sharing that info with, and who’s allowed to visit your website.
Also, who are you sharing the info with? You should say what’s shared with third parties, including affiliates and advertisers.
To access this website, you must be 13 years or older. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian of a child under the age of 13 and become aware that we have collected such personal information without your consent, contact us and we will take steps to delete such personal information.
Unless you have an adult website, you probably don’t check your visitors’ age (and in that case, you have a few more rules to worry about!). But you can at least make it clear that it’s not intended for children.
Given the large penalties, every blogger would be wise to protect against COPPA liability.
Personally identifiable information includes name, email address, date of birth, and so forth. Disclose what personally identifiable information you and third parties (like your email marketing service) collect:
We ask visitors who comment on the website to provide a username and email address. We also collect potentially personally-identifiable information like IP addresses for logged in users and for users leaving comments.
These will vary depending on what you provide on your site. For example, financial info may be collected if you sell a product through your blog.
You might be thinking that you’re not in California, so what does it matter? But CalOPPA applies to any website that “collects and maintains personally identifiable information from a consumer residing in California who uses or visits the Web site.” You don’t have to be in California – and you’re not going to restrict 38 million Californians from reading your blog!
Yes, it’s silly that every single website must comply with California law. But do you really want to take the risk? Even if you aren’t in California, make sure you comply with CalOPPA’s “conspicuous” requirement.
We collect such information only insofar as is appropriate to fulfill the purpose of your interaction. We do not rent or sell personally-identifiable information to anyone.
“Appropriate to fulfill the purpose of your interaction” isn’t exactly the clearest phrase. It does sound like slippery lawyer language, but include it to be safe and protect yourself from liability. Treat your visitors with respect, and you’ll gain their trust.