I really wanted this holiday season to be one of joy and goodwill towards all people, but it seems like the black hats will never rest. Let’s just get the ugliness out of the way: VTech – maker of tech toys for kids – has suffered a data breach that has exposed over five million customer accounts, and worse still, over six million child profiles. As per the usual, it seems that the Hong Kong company initially tried to downplay the breach by omitting any numbers or that kid’s profiles might be at risk, but eventually came clean as word began to spread. Even after announcing the number of people affected by this breach, VTech continued to spin the incident and tried to downplay the extent of data leaked, despite proof provided to the media that the data exposed included a year’s worth of chat logs and childrens’ profile pictures, which were uploaded to VTech’s Kid Connect service, a supposedly secure social media platform that parents can use to chat with their children through VTech’s tablets.
What this means for you:
It’s not clear yet when VTech (if ever) will take action and contact the affected families. Hopefully you will know whether or not you’ve purchased an internet-capable VTech toy for your child and set up the Kid Connect service. The information exposed in this hack has not been released to the internet, and the hacker behind the breach says that the info that was shared with the press to expose VTech’s poor security practices, but that’s not to say that it won’t eventually be released. As a parent, you should be mindful of any activity that involves exposing confidential information about your children on the internet (including Facebook!) and this will continue to be more important as more and more toys become increasingly sophisticated, connected and complex. According to VTech’s own admission, they were unaware of the security breach until the media contacted them for comment. As a business owner or manager, that is one nasty surprise you don’t want as a holiday gift. Make sure you have a good understanding of what confidential information you do store, and make sure it’s wrapped tight and kept safe, if it has to be kept at all.
After four years of research and debate, the Federal Trade Commission has updated the Children’s Online Privacy Prevention Act with much stricter rules that hit internet advertisers right in the moneymaker. Written originally in 1998, COPPA was enacted to protect minors under the age of 13 by requiring any company collecting data on that demographic to adhere to strict privacy protection guidelines as well as putting well defined limits on advertising and marketing targeting minors. Since 2000, when it first went into effect, the internet and online advertising has changed significantly, and the FTC has amended COPPA, over the strenous objections from the industries affected.
What this means for you:
Whether you are a parent or an organization who markets to this particular demographic, you should take a moment to understand how COPPA may impact you. The new rules have been expanded in the following ways:
- The guidelines now include a wide range of digital media and devices, including smartphones, tablets, mobile gaming devices and mobile apps.
- The definition of “Personal Information” (previously only protected was the child’s name, address and email) has been expanded to cover a larger variety of data types including: geolocation, photos, videos, recordings, screen names and cookies. Just about anything that could be used to identify or track a child has been included.
- Any organization or platform must ask permission from a parent or guardian before collecting the information, and must include links to an official privacy policy governing the use of that data.
- In the case of any organization collecting information without consent, parents and guardians have a right to receive a full description of what was collected on their child and also the right to have that info be deleted immediately.
- Targeted advertising that is based on a minor’s online data profile are no longer permitted without parental/guardian consent.
The trick, of course, is paying attention to what your child is doing online, and especially to what they are seeing onscreen. Advertisers are extremely clever, and this segment of the market is extremely valuable to them. The howls of protest will soon subside as they devise even more subtle ways to get parents to open up their wallets. Caveat Emptor!
Image courtesy of Stuart Miles / FreeDigitalPhotos.net