Be careful if your business collects personal information from children under the age of thirteen- generally, most businesses do not want this type of information for a very specific reason. Congress enacted the Children’s Online Privacy Protection Act (COPPA) in the late 90's. COPPA applies to opperators of commercial websites and online services (including mobile apps) directed to children under thirteen that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under thirteen.
Operators covered by the Rule must:
(2) provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
(3) give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
(4) provide parents access to their child's personal information to review and/or have the information deleted;
(5) give parents the opportunity to prevent further use or online collection of a child's personal information;
(6) maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
(7) retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
Check out the Federal Trade Commission's helpful website, here, on Complying with COPPA for more information.