PRIV- 6 Parental Consent

Estimated reading: 3 minutes 652 views

What is this control about?

Implementing the control ‘Parental Consent’ is important because it ensures that organizations handle the personal data of children in a responsible and lawful manner. Children are a vulnerable group, and data privacy regulations recognize the need for extra protection when processing their personal information. Obtaining parental consent before collecting, using, or disclosing a child’s personal data helps to safeguard their privacy and protect them from potential harm.

Available tools in the marketplace


Available templates


Control implementation

Here are some guidelines to implement a mechanism to verify age and get parental consent:

  • Understand Applicable Regulations: Start by understanding the relevant data protection regulations and laws that apply to the organization, especially those related to the collection and processing of personal data of minors. Familiarize yourself with the age threshold that requires parental consent for data processing.
  • Identify Data Collection Points: Conduct a thorough audit of all the systems, applications, and platforms used by the organization that may collect personal data from users, including minors. Identify the specific data collection points that require parental consent.
  • Update Privacy Policies and Notices: Review and update the organization’s privacy policies and notices to include clear and accessible information about the collection and processing of personal data from minors. Include details about the need for parental consent and provide instructions on how parents or guardians can provide consent.
  • Implement Parental Consent Mechanisms: Implement appropriate mechanisms to obtain parental consent before collecting personal data from minors. Depending on the organization’s operations and target audience, this could include age verification tools, email or phone verification, or online consent forms for parents or guardians to complete.
  • Verification of Consent: Ensure that the parental consent received is genuine and verified. Establish procedures to validate the authenticity of the consent provided, as it is essential to prevent unauthorized access to minors’ personal data.
  • User Account Verification: If the organization allows user accounts for minors, establish a process to verify the age of the user during the registration process. This may include additional identity verification steps or using a trusted third-party verification service.
  • Secure Data Storage and Processing: Implement robust security measures to protect the personal data of minors. Use encryption, access controls, and other security tools to safeguard the data from unauthorized access, loss, or breach.
  • Documentation and Records: Maintain detailed documentation of all parental consents received, the verification process, and any incidents related to the collection and processing of personal data from minors. Keep records of ongoing compliance efforts.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Privacy Policies and Notices around parental consent
  2. Consent Mechanisms configuration
  3. Example of a recorded parental consent

Evidence example

For the suggested action, an example is provided below:

  • Parental consent Notice form


  • Consent Mechanisms configuration

Screenshot screen

PRIV 6 2

  • Example of a recorded parental consent

This will be the completed consent form


Join the conversation

You might also be interested in

Documentation Templates

Documentation Templates are documents that provide a content outline to meet certain documentation needs....

Data Backup Plan Template

The Data Backup Plan template helps you document in detail the data backup needs...

HR-13 Employee Handbook/Code of Conduct

HR-13 Employee Handbook or Code of Conduct communicates the organization’s values and ethics. It...

AUTH-1 Single Sign On (SSO)

Single Sign On (SSO) Control is a best practice recommendation for critical systems....

Security Incident Report Template

The Security Incident Report template helps you document the steps used to assess and...

BIZOPS-6 Disaster Recovery Testing

BIZOPS-6 Disaster Recovery Testing control refers to the exercise of identifying the critical systems...

PDP-10 SDLC – Separation of environments

PDP-10 SDLC Separation of Environments is important to maintain separate environments to develop, test,...

Privacy Committee Charter Template

Privacy Committee Charter serves as a foundational document, establishing the framework for the committee's...