LisaFrank.com will pay fine to settle charge it violated kids` privacy rule

Lisa Frank Inc., a manufacturer of girls’ toys and school supplies that it sells at lisafrank.com, has agreed to pay $30,000 in civil penalties to settle Federal Trade Commission charges that its web site violated the Children’s Online Privacy Protection Rule and the FTC Act.

The Federal Trade Commission says Lisa Frank gathered personal information from girls without their parents’ permission before it would allow them into certain areas of the web site. The Children’s Online Privacy Protection Rule requires that web sites get verifiable consent from a parent or guardian before they collect personal information from children.

Lisa Frank says it disagrees with the FTC’s characterization of its information policies. “Compliance with the new COPPA requirements has been a top priority of Lisa Frank Inc.,” the company said in a statement it issued this morning. “We had made changes to our web site long before the settlement with the FTC was reached. Even before COPPA was passed, Lisa Frank Inc. has always been concerned with the privacy of children using our web site. We can say unequivocally that Lisa Frank Inc. has never released - nor ever will release - any information about children to any third party. In fact, we have never even used the information for our own marketing purposes.”

IRCE 2008 Conference Multi-Media CD-ROM

The FTC was responding to a complaint from the Children’s Advertising Review Unit of the Council of Better Business Bureaus. The Children’s Advertising Review Unit says it evaluated the Lisa Frank site after the Children’s Online Privacy Protection Act went into effect and found “serious” violations of the act and of the organization’s Self-Regulatory Guidelines for Children`s Advertising. It says it brought the violations to Lisa Frank’s attention, but the company did not do anything about them. The organization then filed a complaint with the FTC.

The FTC says that between April 21, 2000, when the rule went into effect, and January 2001, lisafrank.com asked girls to register before they accessed many areas of the site, including the club and shop areas. The registration form asked girls for their first and last names, street addresses, phone numbers, e-mail addresses and birth dates, as well as their favorite color and season. Although directed to children, the site did not obtain consent from parents before collecting the information, according to the complaint. The complaint further alleges that, in violation of the rule, Lisa Frank did not provide direct notice to parents about the company’s privacy practices and did not inform parents that the company wanted to collect information from their children and that prior parental consent was required.

Additionally, according to the complaint, the company failed to include in its web site privacy policy the required notices that an operator is prohibited from conditioning a child’s participation in an activity on the child’s disclosing more personal information than is reasonably necessary to participate in such activity and that parents have the right to review and have deleted their child’s personal information. Finally, the complaint alleges that the company violated the FTC Act’s prohibition on deceptive practices because lisafrank.com’s privacy policy falsely claimed that the site required parental consent for children 13 and younger and that parents would be required to fill in a registration form agreeing to the collection practices.

As part of the settlement, the FTC requires that if the company operates a child-directed site in the future, it place a hyperlink to the FTC ’s website pages about the COPPA Rule within that site’s privacy policy and on notices to parents about collection of information from children.

"Lisa Frank Inc. has always been, and remains committed to protecting the privacy of children online," the company`s statement said. "Parents are invited to visit our site at www.lisafrank.com, and we would welcome any suggestions they might have."