Whilst many schools already have
a robust data protection policy in place and have protocols to respect individuals» rights, they will need to be able to demonstrate their compliance with the regulations.
Conclusion: Among others, the «lessons» that can be gleaned from the VTech and VTech USA cases include: (i) IoT / connected toys and devices remain very vulnerable in the face of haphazard / sloppy security practices; (ii) inadequate security safeguards will no longer be tolerated by regulators, particularly when children's information or other sensitive information is involved; (iii)
robust and adequate security safeguards involve multi-level tiers of
protection per the above; (iv) vendors should never misrepresent the state of their security practices in their privacy
policies; and (iv) in a connected world, regulators are willing to work together and share
data and resources to combat «deceptive and unfair practices that cross national borders» (in the words of the FTC).