New Posts  All Forums:Forum Nav:

The full Birthdate requirement

post #1 of 13
Thread Starter 

In the "farewell sweet site" thread one of the EpicSki team mentioned that the full birthdate doesn't display to others when viewing a profile.

 

That's not the point of my objection. My objection is that EpicSki is requiring and storing this personally identifiable information (or Customer Sensitive Information: CSI as we call it at BigFinancialCo) for no good reason. Having the option not to store birthdate at all, plus the option to store only Month/Day without year of birth, was fine in the old software.

 

The risk may be minimal, but given that larger and more tech-savvy firms than EpicSki have had data theft issues, I think this requirement should be removed at once.

post #2 of 13
Quote:
Originally Posted by MarkXS View Post

In the "farewell sweet site" thread one of the EpicSki team mentioned that the full birthdate doesn't display to others when viewing a profile.

 

That's not the point of my objection. My objection is that EpicSki is requiring and storing this personally identifiable information (or Customer Sensitive Information: CSI as we call it at BigFinancialCo) for no good reason. Having the option not to store birthdate at all, plus the option to store only Month/Day without year of birth, was fine in the old software.

 

The risk may be minimal, but given that larger and more tech-savvy firms than EpicSki have had data theft issues, I think this requirement should be removed at once.

 

Mark, this is to comply with the new COPPA laws (as I understand it). We don't display that to anyone.

post #3 of 13

Websites are required by law to ensure that users are more than 13 years of age (http://www.coppa.org/comply.htm) and if you registered on Epic in the past 12 months (which I understand you did not) then you would have been required to enter your full birthday during that registration. The same policy exists on virtually every discussion forum I have seen ever participated on and is a measure to limit the liability of the sites - many have paid fines in excess of $400k (http://en.wikipedia.org/wiki/COPPA)

 

EpicSki is obviously not targetted towards children, just trying to explain why the precaution is in place.

post #4 of 13

Why do users have to be over 13?  It's not like this is a sex site, nor are we selling lottery tickets.  Most sites don't even have user registration, so obviously it doesn't apply to ALL websites, contrary to your first sentence.  And once a kid enters his birthdate, finds you won't accept him, and then just changes the year, he's in.  So what kind of guarantee is that?  Such flimsy due diligence on the part of a site is just useless.  Reading the Wiki just says that this is only for when you are collecting information about people.  Maybe if you didn't collect information, you wouldn't need this.


Edited by sibhusky - Sun, 01 Feb 09 21:59:57 GMT
post #5 of 13
Quote:
Originally Posted by sibhusky View Post

Why do users have to be over 13?  It's not like this is a sex site, nor are we selling lottery tickets.  Most sites don't even have user registration, so obviously it doesn't apply to ALL websites, contrary to your first sentence.  And once a kid enters his birthdate, finds you won't accept him, and then just changes the year, he's in.  So what kind of guarantee is that?  Such flimsy due diligence on the part of a site is just useless.  Reading the Wiki just says that this is only for when you are collecting information about people.  Maybe if you didn't collect information, you wouldn't need this.


Edited by sibhusky - Sun, 01 Feb 09 21:59:57 GMT

 

If the user is 13 or younger, we would have to comply with COPPA's requirements, which are quite onerous. We aren't going to do that, so the users have to be over 13 and we have to collect the information to show that we are addressing that.

post #6 of 13

Bogus. 

post #7 of 13

So don't put the right date in.

post #8 of 13

I don't know the right date. I was born in the back seat of a car 'round midnight. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

No post left unedited!


Edited by telerod15 - Mon, 02 Feb 09 01:14:51 GMT
post #9 of 13
Quote:
Originally Posted by telerod15 View Post

Bogus. 

 

What exactly is bogus?

post #10 of 13

If the user is 13 or younger, we would have to comply with COPPA's requirements, which are quite onerous. We aren't going to do that, so the users have to be over 13 and we have to collect the information to show that we are addressing that.

 

There is NOTHING requiring you to record and store personal information for users over 13.  If you seek safe harbor under COPPA, there are record-keeping requirements...which is why you don't do that.

 

I look forward to someone from epicski showing me where in the COPPA Final Rule or subsequent caselaw it has become necessary that you need to know my birthdate for any purpose other than to prevent me from registering as a young child.  Once you've ensured I'm over 13, you have no further requirement to store any data.

 

Mark is absolutely correct, this data should not be required.  The result of its requirement is that I've put garbage data in those forms.  I suspect I'm not the only one.

post #11 of 13
Quote:
Originally Posted by Garrett View Post

 

Mark is absolutely correct, this data should not be required.  The result of its requirement is that I've put garbage data in those forms.  I suspect I'm not the only one.


 

Garbage data Garrett?  Then you won't get that Happy Birthday email from Epic on your bday!

 

Seriously though.  I thought the only requirement was that the user acknowledge and confirm that (s)he are 13 years old or older upon registration.  It just seems a bit overkill to require a full birthdate.

post #12 of 13
Quote:
Originally Posted by Magnus_CA View Post
Quote:
Originally Posted by Garrett View Post

 

Mark is absolutely correct, this data should not be required.  The result of its requirement is that I've put garbage data in those forms.  I suspect I'm not the only one.


 

Garbage data Garrett?  Then you won't get that Happy Birthday email from Epic on your bday!

 

Seriously though.  I thought the only requirement was that the user acknowledge and confirm that (s)he are 13 years old or older upon registration.  It just seems a bit overkill to require a full birthdate.

 

This was a requirement in vBulletin, too, so although we noticed it during testing, we left it since vBulletin requires it, too. I have been advised that this is required for COPPA. We will look into the legal requirements and also into what it would take to adjust this.

post #13 of 13

Garbage data Garrett?  Then you won't get that Happy Birthday email from Epic on your bday!

 

Yup, I should go change it so that it has my correct day and month at least. When I'm confronted with forms that ask for personal information for no good reason, filling them out incorrectly is a learned response...

New Posts  All Forums:Forum Nav:
  Return Home