The co-founders of the Bi-Partisan Congressional Privacy Caucus want to caucus, at least remotely, with digital educational toy company VTech execs over what data it collects on kids and how it protects sensitive information, or in this case, doesn't protect it.
Sen. Ed Markey (D-Mass.) and Rep. Joe Barton (R-Tex.) have sent a letter to the company in the wake of reports its customer database was hacked, including names and birthdates of kids, as well as mailing and e-mail addresses and download histories from customers. The company said almost 3 million children's profiles and over 2 million parents accounts were affected in the U.S. alone. The company conceded its database "was not as secure as it should have been."
VTech said that on Nov. 14, an "unauthorized party" accessed customer data housed on its Learning Lodge app store database, which "allows our customers to download apps, learning games, e-books and other educational content to their VTech products." "We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future," the Hong Kong-based company said. That includes disabling affected Web sites. To check out VTech's most recent FAQs on the breach, click here.
The legislators said the breach raises concerns about how the company is complying with COPPA, the Children's Online Privacy Protection Act (which Markey helped motorman). COPPA gives parents tools to control the privacy of their kids online.
The legislators gave the toy company until after the holiday season--Jan. 8-- to respond to a raft of questions, including what data its digital toys collect, whether and how that is shared with third parties or data brokers, just what info was stolen in the breach, what steps it is taking to avoid a future breach, and how it alerts affected customers.