A complaint by the DOJ and FTC stated that the Kid Connect application by VTech collected children's information in violation of COPPA and failed to adequately protect it. Among other failings, the privacy policy for the company promised to encrypt the information and never did.
In addition to the $650,000 penalty, in the settlement VTech must implement a comprehensive privacy and data security program that is audited by an external third party every two years.
This serves as a reminder to companies that personal information, especially children's information is very much on the radar for regulators.