How to Respond to Online Privacy and Security - A Guide for Parents

For kids, innovative wireless services and devices offer incredible opportunities to learn and play. For parents, understanding how kids’ personally-identifiable information may be used is an important part of how kids use wireless. For the wireless industry, privacy and security is vitally important for all of its customers, especially for kids.

CTIA and its member companies have taken steps to make sure consumers have choice and control over their privacy and security. For example, privacy policies describe how personally identifiable and non-personally identifiable information may or may not be used and ways to manage the use of this information. Password protecting services, devices and applications, such as voice mail, banking and in-app purchases, assures sensitive information isn’t used without permission. In addition, many wireless devices and applications provide pop-up or icon notifications when location information may be used.

When consumers use wireless devices and services, it’s helpful to know the types of information that can be transmitted through wireless devices and services. Generally, information can be personally identifiable or non-personally identifiable.

  • Personally identifiable information, such as a name, address, or birth date, is protected by various laws and industry best practices.
  • Non-personally identifiable information is data that may be needed to authenticate (e.g., cookie) a device to use a service, but is generally anonymous and not specific to a person. 

For example, people choose to share personally identifiable information with friends through social network applications while wireless devices may share non-personal information to confirm the device or service to help the application work faster for the user.

For parents, understanding how to keep kids’ personal wireless information safe and secure is the key to maintaining privacy and security. Here are a few tips to help parents who want to learn more about wireless privacy and security:

Know the Rules for Protecting Kids' Online Privacy

  • The primary goal of the Children's Online Privacy Protection Act (COPPA) and the COPPA Rule is to place parents in control over what information is collected from kids under 13 years old while accounting for the evolving open Internet. 
  • For kids 13 and older, parents and kids need to have a dialogue about privacy issues, including the family rules on what information may and may not be shared.
  • Federal rules also require wireless service providers to protect the telecommunications (e.g. voice call) records of all consumers, including kids, regardless of age.
  • Wireless service providers may use personal or location information to aid in delivering 911 calls or to comply with legitimate law enforcement requests.

Use Privacy Policies, Ratings and Settings for Devices, Services, Apps and Other Content

  • Privacy policies and application ratings are a great place to learn about privacy issues. A privacy policy can help parents understand how to manage the way kids' personal information is collected and used. In addition, ratings can help parents determine whether an application is age appropriate for kids.
    • Parents and kids can learn a lot about how a service, device or app works simply by reading a privacy policy BEFORE visiting, downloading or using a device, application or website.
    • To help parent's determine whether an application is age-appropriate, including whether the application collects personal or location information, the CTIA Mobile Application Ratings System with ESRB encourages participating application developers to consider whether the application allows sharing of a user's location or personal information when rating an application.
  • Next, find and use the privacy settings that are included in the service, device or app. In many cases, applications (e.g., social networks, games, etc.) may have their own privacy settings that use or enhance the privacy settings built-in to a wireless device.
  • Passwords can also help secure personal information on a cellphone, especially if the device is lost or stolen. CTIA offers step-by-step video instructions on how to use the password features for Android (Google), BlackBerry, iOS (Apple) and Microsoft Windows phones.

Understand How Location Based Services (LBS) Work

  • Wireless location based services (LBS) offer great opportunities for family and social connections, shopping, entertainment and safety. People use LBS to find the closest restaurants or directions when lost, but parents may use LBS to know how, where and when kids are traveling to and from school or a friend's house. For more information on LBS or these kinds of parental monitoring features, contact your wireless service provider.
  • Certain wireless services and apps also allow parents to specify when location information can be used on a kid's cellphone, except in emergency situations when location information must be used, such as calls to 911 or Wireless Emergency Alerts).
  • In addition, CTIA's LBS Best Practices are based on the idea that consumers should have notice and consent before sharing location through LBS (e.g., app, content, etc.).
  • The important thing to remember is that parents and kids need to agree on how to deal with privacy and security issues by setting the rules that are right for each family. CTIA's family rules template is a good way to start that conversation. For example, kids should alert parents when they use LBS and parents should alert kids when they use a location monitoring service on the kids' cell phone or device.

CTIA and its members take privacy and security seriously. CTIA’s member companies comply with applicable rules and regulations, participate in voluntary industry guidelines and develop coalitions to educate consumers about safety and privacy.

Here are a few highlights of how CTIA’s member companies are complying with rules or voluntarily protecting the safety and privacy of kids and consumers:

  • Children’s Online Privacy Protection Act of 1998 (COPPA)
    • The primary goal of the COPPA Rule is to place parents in control over what information is collected from kids under 13 years old while accounting for the evolving open Internet.
    • The COPPA Rule applies to “operators” of commercial websites and online services directed to kids under 13 that collect, use or disclose personal information from kids and operators of general audience websites or online services with actual knowledge that they are collecting, using or disclosing personal information from kids under 13. 
    • The COPPA Rule requires that covered operators covered must:
      • Post a clear and comprehensive privacy policy on their website describing their information practices for kids’ personal information;
      • Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from kids;
      • Give parents the choice of consenting to the operator’s collection and internal use of a kid’s information, but prohibiting the operator from disclosing that information to third parties;
      • Provide parents access to their kid’s personal information to review and/or have the information deleted;
      • Give parents the opportunity to prevent further use or online collection of a kid’s personal information;
      • Maintain the confidentiality, security and integrity of information they collect from kids.
    • In addition, the COPPA Rule prohibits covered operators from conditioning a child’s participation in an online activity on the child’s providing more information than is reasonably necessary to participate in that activity.
    • The Federal Trade Commission (FTC) brings law enforcement actions when appropriate to deter violations of COPPA. Parents may submit complaints to the FTC through its website and toll free number (877) FTC-HELP.
    • Parents should always review, understand and consent to how applications and services will use their kids’ personal information.
  • CTIA’s Consumer Code for Wireless Service
    • Wireless service providers subscribing to CTIA’s “Consumer Code for Wireless Service” have adopted and published their privacy policies. Those policies explain the service provider’s information practices to consumers, in accordance with applicable federal and state laws.
    • Parents should review and understand a wireless service provider’s privacy policies before providing their kids with cellphones or wireless devices.
  • CTIA Mobile Application Rating System with ESRB
    • CTIA, participating member companies and the Entertainment Software Rating Board (ESRB) developed the CTIA Mobile Application Rating System. The system, an extension of the CTIA Content Guidelines, provides easy to understand, uniform ratings for mobile applications based on the ESRB’s existing classifications for computer and console video games to help parents decide whether an application is appropriate for their kids. As part of the ratings system, application developers may provide information about their app’s privacy usage and requests, such as personally identifiable information (PII) or location information. AT&T, Microsoft, Sprint, T-Mobile USA, U.S. Cellular and Verizon Wireless are founding app storefronts that are participating. 
    • Parents should look for application ratings before letting their kids download and use apps.
  • CTIA's Best Practices and Guidelines for Location Based Services (LBS)
    • CTIA and its members developed the “Best Practices and Guidelines for Location Based Services” to promote and protect a wireless consumer’s location information. Specifically, CTIA’s Guidelines ensure consumers have Notice & Consent on the use of location information.
      • Notice: Participating LBS Providers must make certain that users are informed about how a user’s, including children, location information will be used, disclosed and protected so the user may decide whether to use the service. As part of the family agreement, parents and kids should agree that kids need to ask permission to use a location based service.
      • Consent: LBS Providers must have user consent to the use or disclosure of location information before turning on the LBS, except for special emergency circumstances. Parents have control on whether their children can use location based services or features.
  • Customer Proprietary Network Information (CPNI) Rules
    • Generally, the FCC requires wireless service providers to protect their customers’ telecommunications (i.e. voice call) information from disclosure without the customer’s consent. 
    • CPNI includes information that relates to the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship and information contained in bills pertaining to a telephone service received by a customer of a carrier.
    • To prevent unauthorized access to this information, customers will usually have to give a password or confirm their identity when calling a company’s customer service representatives.
    • Parents should work with a wireless service provider to set passwords that protect kids’ telecommunications usage, such as telephone numbers and voice mail.

Additional Resources

  • FCC Parents’ Place provides information about how to improve your children's safety in today's complex media landscape, and what the FCC is doing to help.
  • Federal Trade Commission is the nation’s consumer protection agency and offers information focused on protecting children’s privacy.
  • Future of Privacy Forum is a think tank that seeks to advance responsible data practices.
  • Mobile Marketing Association (MMA) represents the mobile marketing chain and provides a set of privacy policy guidelines for mobile apps.
  • OnGuardOnline.Gov is a coalition of federal government agencies and the tech industry that created Net Cetera, an online safety guidebook for parents to help communicate with their children about using their mobile phones safely and responsibly. 
  • The Wireless Foundation offers an innovative game app called “BeSeen” to raise cyber awareness and digital literacy in kids before they face the risks of cyberbullying, identity theft and privacy invasion and to guide them towards being responsible online citizens. “BeSeen” is available for Apple's iOS and Google's Android.
  • TrustE is an online privacy solutions provider that offers privacy services to help businesses gain trust through transparency of privacy policies, choices for consumers and accountability.
Parent's Practice: Gain some experience checking privacy policies by reading Growing Wireless’ privacy policy.

Start Now >