Certified Identity Theft Risk Management Specialist (CITRMS) Practice Exam

To adhere to the Children’s Online Privacy Protection Act (COPPA), a website must request parental consent before collecting personal information from children under the age of 13. This requirement is fundamental to COPPA’s purpose, which is to give parents control over what information is collected from their children online. By obtaining verifiable parental consent, websites ensure that parents are aware of what data is being collected, how it will be used, and that they have the opportunity to protect their children's privacy.

While ensuring data security and encryption can be important aspects of a website's overall privacy policy and data handling practices, these measures do not directly fulfill the specific requirement of obtaining parental consent outlined in COPPA. Similarly, while limiting data collection to demographic information might be a strategy some websites adopt, it does not replace the crucial step of obtaining permission from a parent or guardian before collecting any personal information from children. Therefore, the correct course of action under COPPA is to focus on parental consent.