A complaint by the DOJ and FTC stated that the Kid Connect application by VTech collected children's information in violation of COPPA and failed to adequately protect it. Among other failings, the privacy policy for the company promised to encrypt the information and never did.
In addition to the $650,000 penalty, in the settlement VTech must implement a comprehensive privacy and data security program that is audited by an external third party every two years.
This serves as a reminder to companies that personal information, especially children's information is very much on the radar for regulators.
Electronic toy manufacturer VTech Electronics Limited and its U.S. subsidiary have agreed to settle charges by the Federal Trade Commission that the company violated a U.S. children’s privacy law by collecting personal information from children without providing direct notice and obtaining their parent’s consent, and failing to take reasonable steps to secure the data it collected. VTech will pay $650,000 as part of the settlement with the FTC.
unknownx500
