Week 6 Assignment

Due Sunday, October 14, 2006

Privacy Statement - Part 1

Department of Workforce Development (DWD) Privacy Policy Statement

This policy explains how we handle information about visitors or clients that use the web pages and the web applications we provide.

Contact Information -

Our postal address is
201 E. Washington Avenue
Madison WI 53702

We can be reached via e-mail at webfeed@dwd.state.wi.us or you can reach us by telephone at 608-266-3131

If you want to get information about you or your company that may be in our computer systems or other records, contact us through the appropriate division staff or at the contact information given above.

In accordance with state law, DWD does not sell information or the email addresses of people who subscribe to our services. However, this is public record information and we may be required to disclose public records in response to requests.

If you feel that our web sites are not following the stated information policy, you may contact us at the above addresse or phone number.

Web Pages -

We automatically collect and store the typical information used to generate typical web usage statistics. This information helps us improve our website.
We do not use cookies nor do we collect any personally identifiable information.
If you sent us an email via our on-line email form, no data is kept or shared beyond what is necessary to respond to your request.
If you subscribed to an on-line newsletter you will only receive the information for which you provided us your address. If you do not want to receive the email newsletters in the future you can unsubscribe using the unsubscibe link within each email newsletter.

Web Applications -

The personal information collected, the method of storage, the length of time it is kept and who it is disclosed to depends on the web application you use. In no case do we share your personal information with 3rd parties. The information is only used to assist us in providing you services that you requested.
Cookies ¹ are used with some web applications but only collect information needed to complete your transactions. Some applications may require cookies in order to work. Applications that require cookies will notify you of the requirement.
Applications that collect sensitive information do so over secure https connections ².

Physical Security -

We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you on our site.

¹ Cookies are used by web servers to differentiate users and to operate in a way that depends on the user.

² https connections provide authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication, such as payment transactions, and logons.

COPPA - Part 2

How the company UMG violated COPPA

UMG Recordings (music related websites) -

They violated the COPPA by:

Not having a clear and complete privacy policy
Collecting personal information from children under the age of 13:
- without getting prior (and verifiable) parental consent.
- without direct notification to the parents what info they were intending to collect and how it would be used.

Penalties: They were made to delete information they collected that violated COPPA, to pay $400,000 and the FTC will monitor the companies compliance.

Actions the company could have taken to prevent enforcement action

UMG should have:

Had a simple privacy policy that explains what info is being collected, who is collecting it and what it will be used for.
Had an obvious link to their privacy policy off the homepage and the children's area homepage and on any page that collected personal info from children.
Sent an email notice to the parents obtaining consent to collect personal info from their children.