Posted December 26, 2013
Note: From time to time, our customers ask us for research and recommendations on topics that may not appear at first glance to be directly related to cyber security and Threat Intelligence:
Evidence-based knowledge about an existing hazard designed to help organizations make inform decisions regarding their response to the threat., but which can nonetheless have an impact on their corporate policies, their websites, and how they conduct business securely. One recent question was regarding the ADA rules and how changes in 2014 may impact corporate websites, and we thought we’d share our response. The following is not intended to be legal advice, but it is something you may wish to consider.
Since 2010, the Department of Justice (DOJ) has been developing rules for web access under the Americans with Disabilities Act, also known as the ADA. The ADA is an “equal opportunity” law designed to prohibit discrimination against people with physical or mental disabilities and guarantee them the same opportunities to obtain employment, to purchase goods and services, and to participate in government programs and services as people without disabilities. When the ADA became law in 1990, the public Internet did not exist. However, the explosive growth of the Internet has drastically changed how employers, retailers, and government do business.
In July 2013, the DOJ announced they were splitting the proposed ADA rules related to the Internet into two parts. There have been some delays, but the DOJ is expected to issue its Title II accessibility rules pertaining to websites operated by state and local governments by the end of this year. Additional Title III regulations are anticipated to be released in the spring of 2014 that will govern many consumer-facing websites, including those operated by retailers, financial institutions, and hospitality providers.
Litigation regarding website accessibility filed on behalf of people with disabilities has thus far hinged on what constitutes a place of public accommodation. In 2006, the National Federation of the Blind filed a lawsuit against Target because its website was inaccessible to blind people using assistive technology. The case was decided in favor of the plaintiffs, with the judge deciding that the ADA requirements applied to websites that serve as “gateways” to brick and mortar stores. In 2012, the National Association of the Deaf sued Netflix for not providing closed captioning for its Internet video subscribers. The federal judge who decided this case was the first to rule that the ADA’s accessibility requirements also apply to Internet-only businesses. In light of these rulings and the Title III regulations anticipated to be released this spring, prudent organizations that want to get ahead of the curve of possible ADA requirements should ensure corporate websites are accessible now, or if not, then develop a plan to address this.
WebAIM, a nonprofit organization that provides Internet accessibility training and consulting, recommends the Web Content Accessibility Guidelines (WCAG) prepared by the World Wide Web Consortium (W3C). These guidelines dictate that websites be made:
- Provide text alternatives for non-text content.
- Provide captions and other alternatives for multimedia.
- Create content that can be presented in different ways,
including by assistive technologies, without losing meaning.
- Make it easier for users to see and hear content.
- Make all functionality available from a keyboard.
- Give users enough time to read and use content.
- Do not use content that causes seizures.
- Help users navigate and find content.
- Make text readable and understandable.
- Make content appear and operate in predictable ways.
- Help users avoid and correct mistakes.
- Maximize compatibility with current and future user tools.
The anticipated DOJ regulations over the next several months will require technical changes and may alter how companies do business on the web. Being educated about the needs of disabled customers and making accommodations to corporate websites in advance of any DOJ requirements – and keeping in mind your information and corporate security needs and requirements – has multiple benefits. Organizations that do so will be ahead of the curve in meeting potential regulations, will mitigate the risk of being the target of lawsuits, and may find there are market benefits in being able to meet the needs of their disabled customers better than their competitors.