Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    46 Important Account-Based Marketing Statistics for the Modern Marketer

    Motion Picture Association will work with Congress to start blocking piracy websites in the United States

    Excellent Support Guide: Unlock Cloud Success

    Facebook X (Twitter) Instagram
    Tech Empire Solutions
    • Home
    • Cloud
    • Cyber Security
    • Technology
    • Business Solution
    • Tech Gadgets
    Tech Empire Solutions
    Home » i-Dressup and data security confusion
    Business Solution

    i-Dressup and data security confusion

    techempireBy techempire3 Comments4 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email

    Kids love to play dress-up, but parents don’t want them rummaging through the attic or climbing to the top of a closet without permission and proper supervision. The i-Dressup.com website provides users, including children, with a way to virtually dress up and design outfits without these potential dangers. But according to the FTC’s complaint, Unixiz, Inc., the company behind i-Dressup, violated the Children’s Online Privacy Protection Act, creating a different type of risk.

    COPPA creates two separate sets of protections to help parents control the personal information collected from their children online. First, companies covered by COPPA must clearly disclose their information policies and obtain parental consent before collecting personal information from children under 13. Second, companies must provide reasonable and appropriate security for the information they collect. According to the FTC settlement agreement, i-Dressup failed to meet two requirements of COPPA.

    The complaint alleges that i-Dressup failed to adequately disclose on its website the information it collects from children online, how it uses that information, its disclosure practices and other details required by the COPPA rules. The company’s direct notifications to parents were also flawed. Among other things, they failed to include the statement required by COPPA that if parents do not provide consent within a reasonable time, i-Dressup will delete their online contact information from its records. Stick with the story because this failure is particularly disturbing.

    In addition to letting users play online games, i-Dressup also features a community where users can “explore their creativity and fashion sense through unique profiles” and interact with others. To register, i-Dressup requires people to submit a username, password, date of birth and email address. If the date of birth indicates that the person is under 13 years old, the email field will change to “Parent’s Email.” Once users under the age of 13 fill out the required fields and click “Join Now,” i-Dressup collects personal information and sends a message to the address entered in the parent email field. Recipients of the email can give their consent by clicking “Start now!” button.

    However, if parents do not consent, i-Dressup will retain personal information collected from children online. The FTC said the company’s failure to remove the information violated COPPA Rule 312.5(c)(1).

    In addition to violating the parental consent provisions of COPPA, i-Dressup allegedly violated the data security requirements of the rule. According to the FTC, i-Dressup stores and transmits users’ personal information (including passwords) in plain text. Additionally, the company failed to conduct network vulnerability testing of its network, even against well-known threats such as SQL attacks; it failed to implement an intrusion detection and prevention system; and it failed to monitor potential security incidents. The results of it? The company learned that a hacker had gained access to its network and accessed the information of approximately 2.1 million users, including approximately 245,000 users under the age of 13.

    To resolve the case, i-Dressup and its owners will pay a $35,000 civil penalty. They will also be prohibited from violating COPPA in the future and will not sell, share or collect any personal information until they have implemented a comprehensive data security plan and obtained an independent biennial evaluation. Additionally, they must provide annual compliance certifications to the Federal Trade Commission.

    COPPA’s message to websites and operators is that an effective parental consent system is only the first step in compliance. COPPA Rule 312.8 also requires you to “establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.”

    Interested in data security issues? Please read the attached Commission statement to learn more about another FTC action announced today.

    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    techempire
    • Website

    Related Posts

    46 Important Account-Based Marketing Statistics for the Modern Marketer

    What they are and when to use them

    Why you should enter a business case competition

    How to become a cost estimator and succeed

    Vertical solutions will emerge in 2024

    The leader in retail technology solutions

    Leave A Reply Cancel Reply

    Top Reviews
    Editors Picks

    46 Important Account-Based Marketing Statistics for the Modern Marketer

    Motion Picture Association will work with Congress to start blocking piracy websites in the United States

    Excellent Support Guide: Unlock Cloud Success

    A progressive and proven vision for digital transformation

    Legal Pages
    • About Us
    • Disclaimer
    • DMCA
    • Privacy Policy
    Our Picks

    Embracer sells majority stake in Saber Interactive in deal worth approximately $500 million

    What they are and when to use them

    Why you should enter a business case competition

    Top Reviews

    Type above and press Enter to search. Press Esc to cancel.