• Pictures of campers posted online
• An online camp newsletter that include campers' names (or other information)
• Contests, raffles or games that require users to provide information to play
• Message Boards and/or Chat Rooms (including "guest books")
• Allows users (of any age) to sign up for an emailed newsletter
• Allows users (of any age) to contact camp via email or webform
• (the list goes on…)

• PROMINENTLY post a link to your privacy policy on your website home page and on any page where personal information is collected.
• Password protect any part of your website where pictures or other personally identifiable information (e.g., pictures, full names) is displayed.
• Ask for the user's age whenever data is collected.
• Get verifiable parental consent before using data collected from children under 13. COPPA is very specific on how to do this and it is not easy. You typically need a signed letter or fax, a valid credit card number, or a toll free telephone number that a parent can call with a operator available and trained to determine if the caller is in fact an adult.
• Allow the parent to review information submitted by the child and delete it if they so request.
• Monitor message boards and chat rooms so that no submissions from children under 13 are posted live without review (to ensure that they do not inadvertently reveal their personally identifiable information). Alternatively, you must prevent children under 13 from using Message Boards and Chat Rooms.
• At the same time, you cannot condition the child's participation in the website on collection of more information than is reasonably necessary.

• You may use an email address provided by a child under 13 once to answer his or her specific questions. After you respond, the information provided must be deleted.
• If the child was writing to subscribe to an email newsletter, you can use the email address to email the newsletter as often as it comes out. The parent must still be notified and, if he or she objects, the child's information must be deleted. Furthermore, the information can only be used for the email newsletter subscription and must be deleted when the subscription is cancelled.

Many providers incorrectly assume they are in substantial compliance with the spirit of COPPA because they subsequently contact the parents or guardians of the children from whom they have collected data….

If such behavior is representative of a significant sector of a particular industry (such as summer camp providers) and presented to the Federal Trade Commission, a formal exemption from COPPA may be granted. However, without such a grant, the aforementioned activity is clearly unlawful. [emphasis added]

I wasn't too concerned about posting pictures of the camp facilities online even if there was a child in the photo but when parents asked me to put the camp newsletter online and to post pictures of children on the website while they were at camp for them to see, I got nervous. Even if COPPA weren't an issue, I wouldn't want any random stranger to have access to that information. I knew I had to password-protect these things but I also knew I couldn't spare the time or money to build anything like that. Luckily, Bunk1.com came along around the same time so I outsourced this to them. Not only is their solution COPPA compliant, it's easier to use than anything I could have come up with on my own. They even handle the customer service calls!