on February 27, 2020 website

How Do I Know If My Site Is Breaking The Law?

ADA Website lawsuit filings are among the fastest-growing cases over the past few years. The American with Disabilities Act (ADA) requires that all websites, the same as they do your physical location, remove any barriers for people with disabilities. The most affected industries are retail, food service, travel, real estate, and entertainment. Even our beloved Beyonce became the defendant in a class-action lawsuit alleging violating ADA website guidelines. 

via Giphy

Yeah, we agree, Janice! If you think your business is off the hook because you aren't music royalty OR your business isn't in one of the top industries, I think you're taking this too lightly. There is no such thing as having too small of a business. You may think you're not a blip on someone's radar, but the reality is that you're rolling the dice with what could turn into tens or hundreds of thousands of dollars in demands, litigation, and development costs. Small businesses across the United States are being targeted and reviewed on their ability to comply with the standards of WCAG 2.1, the latest version of Web Content Accessibility Guidelines). If that isn't terrifying enough, some companies are even being sued more than once! It's time to get in the know.

We recently dropped an episode of the Generation Social Media Podcast featuring Jeana Goosmann of Goosmann Law Firm on this very topic. Our inboxes were flooded with questions and feedback. So I wanted to walk through some of the topics, question-by-question, and expand what I've learned.

 

Can you help us translate and define web accessibility?

Jeana Goosmann: Websites need to be ADA compliant and have accessibility built into them these days. So, what that means is that somebody with a disability needs to be able to surf that website and be able to figure out what it says, even if, for example, they are blind.

Additional Context: According to ada.gov, the federal act requires businesses' websites to offer "reasonable accessibility" to people with disabilities. The law may be a little grey, but the enforcement has still been very real. ADA includes a private right of action, which could be brought on by individuals or even a class action lawsuit. The filings are growing at a substantial pace.

Here are some of the most famous cases that made headlines:

Supreme Court Hands Victory To Man Who Sued Domino's
Burger King Class Action Says Fast Food Chain's Website Violates ADA
Court Rules Against Dunkin Donuts In ADA Website Case
Netflix Settles ADA Case Regarding Captions

 

What are the basic Web Accessibility Standards?

Jeana Goosmann: If there is a picture on there, it needs to have a caption so that a reader would be able to read it. Or another example, if there's flash, it needs to make sure that it goes through it at a rate that somebody would be able to figure out what's going on even if they have a disability.

Additional Context: There are many principles, guidelines, criteria, and techniques for WCAG 2, which makes the whole rule extremely confusing. In fact, just take a peep at the Quick Reference. "Quick" seems laughable as it took me six scrolls to get to the bottom; what about you? Here are some of the tips that are easy to explain.

  • All images or media content has to have alternate text so that it can be read by a reader.
  • All audio and video media need an alternative way to consume the content.
  • The structure of your site needs to be easily predetermined by the user. You can't make it hard for someone to know "what's next" on the site. An example of this is scrolling layers or navigating through a site via scrolls in different directions vs. the standard navigation web.
  • The color of the site and it's contents must be distinguishable enough for someone who is visually impaired to read the content. Color AND contrast!
  • It's essential to give enough time and make sure it's adjustable to any content that is animated, auto-updating, or flashes. 
  • Your pages need to have titles that describe the topic or purpose of the page.
  • I'd eliminate any toggled or accordion content now. Those are not easily accessible by readers.
  • I could go on and on.. literally. Read more here.

 

Why is this such a big topic right now?

Jeana Goosmann: Lawsuits are increasing on this. Some attorneys prey upon websites and, in particular, smaller businesses because they know that they aren't going to have the same sophisticated, prominent legal counsel that has issues with their website. They're going out, and they're targeting them with the view of potentially suing them to get a judgment and recovery for their client. For example, just a few years ago in 2017, there were 800 lawsuits of law of this kind and then just a year later there were over 2,200. It's going up exponentially because people are successful with this because it's a real issue happening all over the country, not just in California, but even in small to mid-size markets, of all business types. It's something that people need to put on their radar screen and be aware of. It's a good idea to have these more current polices on your site.


Beth Trejo: Just to be able to service and have an amazing customer experience for all types of people that may be coming to your website. Yes, there are obviously legal rules, but also want to be inclusive to everyone.

 

What is the reality of violating these guidelines?

Jeana Goosmann: It starts with a demand letter. If you're the business leader, you could get an email in your inbox, or your registered agent could get a message served upon them. That demand letter from a lawyer could state that their client was not able to access these functions and that they have this particular disability, and as a result, they think that you have violated these different laws and demand that you pay them.

Class actions against more prominent companies (what you see in the news or social media). For example, Target paid a settlement of over 3.5 million dollars in a national class action.

Additional Context: There are a ton of rumors and a lot of numbers being thrown about on the average cost of violating the ADA Website Guideline. The reality is, the numbers are all over the place because the violations have been inconsistent. I've personally heard numbers from $10,000 settlements all the way up to $1.5M settlements. I really like the way TheNextWeb broke down potential costs in this article on "the cost of ignoring accessible web design." And that doesn't even include all of the lawyer fees. Then, after resolving the complaint, then you have to fix your site. That's where you'll really discover whether or not starting from scratch is a better way to go.

 

If I’m a business that does not have in-house counsel, what should my next steps be to get the conversation started on this?

Jeana Goosmann: Be proactive and consult with somebody. Figure out how to get a new site that might be compliant with these laws, and that would have a compliance plan and policies associated with these current laws today, making sure you're up on existing technology. It's always less expensive in the long run than it is to be reactive and wait until you get one of those demand letters in the mail.


Additional Context: Honestly... I'd just listen to the expert in this scenario. First, consult with your legal advisors and then bring your web development team to the table. You may even need to bring your IT group in on it.

 

Are Privacy Policies legally required in the United States?

Jeana Goosmann: There's no one federal law that covers this topic; different states have different requirements on the privacy policies of what they would require. Still, websites can be accessed from all over, you can't tell who's going to be on your website, and a lot businesses do business in more than one state, so you don't want to comply with your home state. There are special laws in different areas and in different industries too. For example, if you're collecting data from children (under the age of 13) or in the financial or healthcare industry.

Additional Context: The answer to this question is yes and no, as Jeana covers. Here are a couple of laws you DO need to know about. The CalOPPA includes commercial websites and makes it required to have a privacy policy. Similarly, the CCPA adds many more demands on businesses' sites. The GDPR may have been born and thriving in the European Union but we're already seeing remnants of it's policies starting in the United States. I'd keep an eye on how this regulation evolves over time.

 

What is a Privacy Policy, what does it “protect you from or clarify for your users”?

Jeana Goosmann: Generally, lays out the information that you collect, how you use the information, what information you share with third parties, how you store and secure the data, and if you use cookies.

Additional Context: Chances are you've had a privacy policy update on a site or platform you use in the last 24-hours. The crazy thing is that most consumers don't even read them, which is kind of terrifying. Because now, consumers and visitors are demanding privacy and transparency, which I definitely appreciate. But Privacy Policies are another one of those guidelines that are a little confusing. They're written in terrible vernacular but seem so so aggressive and finite. I really love this interactive piece by the NY Times where they line up over 150 privacy policies to see how understandable they really are.

 

The California Privacy Act (CCPA) is a little confusing because it’s specific to California. Can you explain WHO needs to comply with this law? (if your business serves California residents)

Jeana Goosmann: It applies to businesses that do business in California that collect personal information and if they determine that the purpose or means of processing the personal information still applies and if they do business with others. If you do any business whatsoever in California or with others that do business in California, this could capture you. Also, if they have annual gross revenue in excess of $25 million or if they participate in the business of buying, selling, sharing, or receiving personal info and or if they get at least 50% of their revenue from selling personal information.

In 2018, California passed a Consumer Privacy act that closely resembles the GDPR that was put in effect in European Unions. The law officially went into effect on January 1st this year.

 

What happens if your company is not in compliance with the CCPA?

Jeana Goosmann: Fines and penalties. And they can be huge. For example, statutory laws, the damages could be $100 to $750 per consumer, per incident, unless the actual damages are even greater. So, if you are collecting data and you have a lot of visitors to your site and you’re getting a lot of cookies, those can add up really fast. 

Additional Context: Here are some ideas on determining the price tag of violating CCPA. Same as all of the other policies, factors and costs will vary on the severity of the violations. Compliance Week project overall CPA costs at $55 Billion.. yeah, billion - with a B!

 

Small businesses are turning to free online generators for a lot of these written policies. I’ve seen some scary small print on those templates, but can you explain why you would or would NOT recommend using online templates or generators?

Jeana Goosmann: Buyer beware! A lot of times what you find on the internet is worth what you paid for, which if you didn't pay for it, it might not be worth anything! You have to be aware of when you're just pulling content off the internet for use and hoping that it's going to cover you. There are a lot of different circumstances that may apply to your business that you might not be aware of. Circumstances you might not catch if you're just using an online form.

Additional Context: I totally agree with Jeana on this one. If you're thinking, of course, that's what she would say, she's an attorney, let me give you some additional context. I started clicking through some of the free generator site and review the policies line by line. Here are some crazy things that I saw.

  • The fine print showed that the site generating the policy had the right to access ALL data on any site that used the policy.
  • One generator even included a line that said this entire policy was invalid because it's "simply made up."
  • Some generators copy and pasted policies from Facebook, Google, and other major websites. How do I know? Their business were still listed as the organization in operation.

Generators have no idea what third part pixels your site is using. Take a look at the requirements of those pixels: Google Analytics, Facebook, Google Ads. Make sure you're covering all of the details you're collecting. Better safe than sorry. Don't take my word for it, I'm not a lawyer. Please seek legal advice on deciding what is best for your organization.

 

The best defense to any and all of these web laws is compliance. Paying up front for legal advice is always going to be a better play than chasing down a lawyer after you got an email demanding money. I hope this helps clear up some of the questions you have. If your mind was blown, as was mine, let's talk more in-depth. You can email me anytime at kelsey@chatterkick.com to set up a time to chat or grab a coffee. I'll leave you with some tools to look at when you start your compliance journey.

1. Userway.org Widget
2. WCAG 2.1 Guidelines
3. Evaluation Tool // understanding Evaluation Tools
4. Levels of Compliance
5. Tips for Developing
6. Accessibility Checker Chrome Plugin

 

 

Kelsey Martin

Kelsey Martin, our Chief Operations Officer, is a Chatterkick OG with a passion for social advertising that most would describe as complete infatuation. She knows first hand that good content is only effective if it can get in front of the right people at the right time, and her experience in analytics, social media advertising, and impactful design ensures it all turns together like a well-oiled machine. Vroom.