We are all familiar with the accommodations required of our workplaces, retail stores, and other physical spaces but how does the “public accommodation” rules in Title III of the Americans with Disabilities Act (ADA) apply to our cyber assets? This remains an open question. Jurisdictions have come to different rulings in cases brought before them related to accessibility of public-facing websites. For some guidance, we can follow the Department of Justice rulings related to Title II of the ADA as they are issued. The comment period for this issue ended last month. Title II applies to “public accommodation” in public spaces.
For companies that conduct a significant portion of their business on the Web, accessibility is an old issue and is very likely fully addressed. These companies have a financial incentive to make their websites accessible for all customers and business partners. Ordering on the Web is a major convenience for those with disabilities, as for us all. Companies like Amazon.com must have a significant number of disabled customers and therefore making their website accessible is not only the right thing to do but also good business.
What about all of the companies whose websites are more focused on marketing, information & investor relations, helping customers navigate the company services, or other purposes? How important is website accessibility in these cases? Let’s face it, just about every company has at least one website. Several real estate firms recently received a demand letter from a Pittsburgh law firm related to website accessibility according to the Washington Post. Disabled persons experienced significant difficulties shopping for real estate on these sites. For now, this is bad public relations, however, a loss in court for violating the ADA will be very costly. The article goes on to mention that “Target, Hard Rock Cafe, Home Depot and dozens of other retailers have been sued or have entered into settlement agreements.” As more law firms pursue these claims, the potential risk increases for all companies.
What can compliance professionals do to protect our companies/clients from the risk of ADA non-compliance and potential legal or regulatory action? The first step is to create awareness of this issue. Reasonable accommodations for disabled persons include providing text alongside any audio content, identifying colored text with other non-color markers like underlining or italics, providing audio as well as text, and allowing site navigation with only the keyboard for those that cannot use a mouse. Hopefully, management will understand the issues that customers, investors, vendors and others encounter interfacing with their company websites and take action to remedy the situation. In any case, the best resource to identify ways to address these issues and protect the organization from litigation is the Website Accessibility Initiative (WAI). The Department of Justice has indicated that if they do take action to define requirements, the WAI is an excellent model for these requirements. By following the WAI, your organization can certainly demonstrate that they have taken “best efforts” to reasonably accommodate all users. Compliance professional should add website accessibility to the “audit universe” so that compliance audits are considered for upcoming audit plans. They should encourage management to set objectives for website accessibility and leverage compliance programs to ensure these objectives are met.
About the Author
Glenn Murphy, the co-founder of BestGRC and founder of GRC Management Consulting LLC, primarily focuses on empowering entities to leverage their compliance activities through the BestGRC “cloud” software, his consulting work, publications, and the “Leverage Compliance” blog. Glenn provides licensee compliance audits in conjunction with Licensing Compliance Group and Penetration Tests/SOC for Cyber/SOC 2/3 Assessments in conjunction with Ra Security Systems. Find Glenn’s full profile at http://www.linkedin.com/in/glenntmurphy/, follow him @GlennMurphyGRC and subscribe to the Leverage Compliance blog at http://www.bestgrc.com/blog/