As data analytics become increasingly important for businesses, the collection of data has become a standard of operation. It has become such a mainstream that even electronic toys created for children may be programmed to collect personal information that could be used for future marketing and analysis. However, this information may be collected without obtaining parental permission, which could lead to significant liability.
According to a recent businessinsurance.com report, Hong Kong based toymaker VTech agreed to settle charges raised by the U.S. Department of Justice that it failed to obtain verifiable consent from parents before collecting information about children who use their products. Essentially, the Federal Trade Commission (FTC) alleged that VTech’s Kid Connect application collected personal information from hundreds thousands of children without parental consent or even notifying parents that such information was being collected.
The FTC also claimed that VTech failed to take adequate steps to secure such information, and that it provided misleading information about its security protocols. In fact, hackers were able to infiltrate VTech’s system and take personal information from a number of customers, including names, photos and email addresses.
VTech denies the notion that parents were unaware that personal information was being collected. It further claims that it only collected information to enable children to communicate through VTech platforms. Further, it denies that it sold such information or made it available to third parties.
Nevertheless, the story is an example of why businesses need strong legal counsel to defend them in the face of potential lawsuits.