Under the policy statement, companies must: Limit collection, use, and retention strictly to age verification; Provide clear notice;
Maintain reasonable data security; Ensure third-party vendors protect the information; and Use reasonably accurate age-verification methods.