Safe Harbor Program Requirements  

Member companies must agree to abide by the Program Requirements. The Program Requirements are a set of guidelines that regulate the way member companies collect, use and disclose personal information from children 12 years old and under. By following the Program Requirements, visitors to websites operated by a member company are assured that:

A privacy policy will be posted on the homepage of a member company’s website and a link to such privacy policy will be provided at each point within the website where personal information is collected;

Notice will be provided to the child's parent about the website’s information practices and prior verifiable consent will be obtained before collecting personal information from children;

The child's parent will be given the choice to consent to the collection and use of their child's personal information for internal use by the website, and the parent will be given the opportunity to elect not to have their child's personal information disclosed to third parties;

The parent will be provided with access to their child's personal information, and given the ability to review and/or delete the information and opt-out of the future collection or use of the information;

The age information on the registration form must be asked in a neutral manner that does not invite falsification. Members must employ temporary or permanent cookies to prevent children from back-buttoning to change their age in order to circumvent the parental consent requirement or obtain access to the site;

The child's participation in a game, the offering of a prize, or another activity will not be conditioned on the child's disclosure of more personal information than is reasonably necessary for the activity; and

Member companies will maintain the confidentiality, security, and integrity of the personal information they collect from children.

Integrity Membership Seal of Approval and Click-to-Verify Mark

Member companies that satisfy the Program Requirements must display the Integrity Membership Seal of Approval. For parents and children, the Membership Seal of Approval offers them assurance that the website has a posted privacy policy, that the privacy policy describes how the information is collected and used, and that website submits to ongoing monitoring and enforcement.

Visitors to websites that are members in the Children’s Privacy Compliance Program can verify such membership by using the "click to verify" mark (“Verify Mark”). Each Verify Mark is linked to a verification page on a secure Aristotle server. The verification page allows parents to verify that the website is authorized to display the Integrity Membership Seal of Approval and the Verify Mark, and is in full compliance with the Program Requirements.

Compliance Advancement Team

As part of the Program Requirements, member companies must post a privacy policy that is clear, understandable and contains no unrelated contradictory or confusing material. To assist member companies with implementing a meaningful privacy policy that properly conveys to the parent and child the necessary information about the website information practices, Aristotle’s Integrity offers member companies guidance on how to modify their existing privacy policy, or help with drafting their first privacy policy, to make sure that all member companies comply with the Program Requirements.

Compliance Monitoring

Compliance monitoring is a central part of the entire Children’s Privacy Compliance Program and includes the following components: initial and annual self-evaluation of a member company’s website; quarterly and periodic, unannounced monitoring reviews of the member company website; and community monitoring reviews.

First, all member companies must conduct an initial evaluation of their website’s information collection, use, and disclosure practices. Each member company is required to complete and attest to the accuracy of the statements it makes on a self-evaluation form about its information practices. A representative of the Children’s Privacy Compliance Program will independently review the website’s privacy policy and practices with the self-evaluation form to ensure that they are consistent with each other, the Program Requirements, and COPPA. Before becoming a participating member in the Children’s Privacy Compliance Program, the company seeking membership must make all required modifications to its website that Aristotle deems necessary to comply with the Program Requirements and COPPA. Member companies will be required to complete the same self-evaluation form on an annual basis to ensure that their website information practices continually comply with the Program Requirements and COPPA, and are consistent with their posted privacy policies.

Second, all member companies must submit to quarterly monitoring of their website’s information practices. The purpose of monitoring reviews is to ensure that a member company’s website and its privacy policy are constantly in full compliance with the Program Requirements and COPPA. Specifically, monitoring reviews are conducted by trained privacy monitors that systematically move about a member company website ensuring that: (i) there is a prominent link to the website’s privacy policy on the homepage and any web page where information is collected by the website; (ii) the member company obtains prior verifiable parental consent from all children twelve years old and under before collecting their personal information; and (iii) there is compliance with the Program Requirements.

In addition to quarterly monitoring, a member company must also agree to submit to periodic, unannounced reviews of its website. These unannounced reviews will be used to further verify that the member company’s website is complying with the Program Requirements and COPPA at all times. The Children’s Privacy Compliance Program will also periodically “seed" the personal information it maintains on behalf of a member company to confirm that the member company is not using the information for any other purposes than the stated purpose in its privacy policy. Reviews are memorialized in written reports provided to the member and maintained by the Children’s Privacy Compliance Program for a period of at least three (3) years.

Third, all member companies must provide the parent and child with a reasonable and effective means to submit complaints that they may have about the member company information practices. The Children’s Privacy Compliance Program also offers the parent and child the opportunity to submit complaints about any member company website directly to the Children’s Privacy Compliance Program. A representative of the Children’s Privacy Compliance Program handles all complaints immediately. The Children’s Privacy Compliance Program maintains a record for three (3) years of all complaints received by the Children’s Privacy Compliance Program, any investigation conducted by Aristotle into the alleged violation of the Program Requirements, and the outcome of such investigation.

Dispute Resolution

Member companies must provide the parent and the child with a means to submit questions or complaints that they may have about a member company’s information practices. If the parent or child is not satisfied with the response they receive from the member company, the Children’s Privacy Compliance Dispute Resolution Program offers parents assistance with resolving those complaints. Such assistance may include contacting the member company directly to investigate the complaint and finding a resolution of the parent’s or child's concern or requiring a representative of the member company to participate in the Children’s Privacy Compliance Program’s alternative dispute resolution services. In both cases, a trained member of the Children’s Privacy Compliance Program staff administers the process.