Website Compliance: Key Costly Legal Risks Every Business Should Consider

Laptop screen with sticky notes used to layout a website design

A recent statistic posted by Sweor states that 75% of consumers admit to making judgments on a company’s credibility based on the company’s website design.

During COVID, many companies were forced to digitize their entire business model, becoming reliant on their websites and other online platforms to retain employees, revenue, and market share.

Consequently, companies have to invest substantial time and resources into making their website a significant revenue driver (and will continue to have to do so for the foreseeable future), but what precautions should these companies implement to ensure their website isn't also increasing their business risks and liabilities?

This month, attorneys Angela Doughty, CIPP/US, Peter McClelland, CIPP/US, and Erica Rogers discussed how companies could avoid website compliance issues and the resulting legal costs, including ADA compliance lawsuits; privacy implications and disclosures; and trademark and copyright demands.

ADA Compliance Lawsuits – Angela Doughty, CIPP/US

Most companies are surprised to learn that the Americans with Disabilities Act (ADA), which was enacted to prevent discrimination against people with disabilities in locations generally open to the public, also applies to their websites and other digital platforms such as mobile sites and mobile applications.  The applicability of the ADA to online places of accommodation is to ensure that people with disabilities (blindness/low vision, deafness/hearing loss, limited movement, etc.) have the same level of access to online content and services as everyone else.

ADA website compliance litigation is a surprisingly regular occurrence and is expected to rise as consumers become more and more reliant on websites and mobile applications to conduct business. Cases of enforcement span a number of industries – Real Estate (Zillow®), Retail (Banana Republic®), Entertainment (Beyoncé), and Restaurants (Domino's Pizza®) to name a few recognizable, well-defended defendants – and many resulted in federal fines and compulsory ADA compliance.

While there are plenty of lawsuits around website accessibility, there are not any legislative standards that directly set out the specific requirements.  There are, however, a set of private industry standards, developed by technology and accessibility experts, called the Website Content Accessibility Guidelines ("WCAG") that have been widely adopted, including by federal agencies. The current guidelines are the WCAG 2.1 Guidelines, and it contains three levels of accessibility – A, AA, and AAA accessibility.

The WCAG does not require the use or inclusion of any specific technologies, such as those that amplify words or offer audible versions of content, for compliance. Instead, the requirement for compliance is that businesses offer websites and other digital platforms that implement the 4 principles of the WCAG: (i) robust enough to operate with user agents and assistive technology (e.g., web browsers and screen reader software), (ii) equally perceivable (e.g., text alternatives for non-text content, such as captions), (iii) easily operable (e.g., functionality accessible by keyboard only), and (iv) understandable (e.g., text readable and understandable).

We highly recommend and regularly work with marketing professionals and other service providers that specialize in accessibility compliance testing for the technological aspects of websites. Companies should also incorporate regular compliance testing and evaluation for their website, especially when there is an update or features are added.

Privacy Implications and Disclosures – Peter McClelland, CIPP/US

Spurred by massive data breaches that saw thousands of individuals' personal information exposed to criminals, every state in the nation has now developed some form of regulation detailing the requirements for businesses after a data breach occurs. Such data breaches can come from business email compromise, ransomware, hacking, or even by accidentally disclosing the information to unauthorized parties.  These breaches can have serious consequences, including statutory fines, class action lawsuits, and regulatory actions.

Some states have gone even further to create generalized privacy laws that impose both internal requirements on organizations that hold the personal information of the state's residents (such as when information can be used for targeted advertising) and customer-facing requirements (such as the content of a website privacy notice). For example, California requires organizations to disclose the information that a website collects on California residents regardless of where the organization doing the collection is located. The California law also requires a privacy notice to state the purpose for that collection, the third-parties that the organization will transfer the information to, and more. In 2023, California will have additional requirements come into effect, such as a requirement for an annual audit of the organization's cybersecurity practices.

Also in 2023, Virginia will have a law come into effect with several similar disclosure requirements for organizations processing or using information on Virginia residents and adds a requirement that a Data Protection Assessment is done before several uses for data that the Virginia legislature considers high-risk to consumers. Any organization processing the personal information of Virginia consumers is subject to its requirements and needs to develop a compliance strategy to address the new legal landscape. Dozens of states—including North Carolina—have seen similar laws introduced in their state legislatures.

To develop a compliance strategy for your website, it is important to have expertise in your corner. Discussing your website's compliance needs with an attorney who is also a Certified Information Privacy Professional (CIPP/US) can help a business navigate the patchwork of obligations that may apply.

Trademark and Copyright Demands – Erica Rogers

Application of Trademark and Copyright Law to Websites
Intellectual property law impacts every business—whether owners of the business know it or not. The moment a name is used in relation to your business's goods or services, certain trademark rights are created.  As soon as your website is created, or updated, certain copyright rights arise.

These same everyday business activities can also create substantial legal headaches if the creation and use of intellectual property is not handled properly:

  1. Is your product or business name available?
  2. Is the corresponding domain name available?
  3. Do you own the copyright in the website materials?

Trademark Demands
Internet marketing and search engine analysis are relatively new problems for trademark owners. For example, keyword advertising, where trademarks appear in advertisement banners, cybersquatting, and unauthorized use of trademarks in HTML codes can all cause initial interest confusion, which can damage the reputation of a brand.  To avoid this type of infringement, all case-by-case specific, we recommend avoiding the use of technologies to engage in unfair competitive advertising with third-parties.  Competitive advertising can be legal, but only under limited circumstances where the claims are substantiated, and an association disclaimed.  To respond to this type of infringement, all case-by-case specific, we typically recommend considering: (a) sending a demand letter to the infringer; (b) filing a complaint with the search engine provider; (c) purchasing own trademarked keywords before competitors; or (d) utilizing UDRP complaints to address bad faith registration of internet domain names.

Copyright Demands
If the website design, photographs, text, or other creative works are not original content, it is vital for the business to ensure that it has express permission to use them.

Oftentimes, businesses use third-party graphic designers to assist with the development of their websites. In these cases as well, businesses should ensure that each designer or design company has assigned all intellectual property rights to the business. If such an assignment is not possible, given the leverage, the recommendation is at least an exclusive license to use the works. That way, no other business can make use of substantially similar website designs. 

In any case, having written agreements in place to address intellectual property terms is the best practice to avoid copyright infringement demands in the future. Similarly, the website terms of use can be a good place to address what the business will do if it receives a claim of copyright infringement.

Conclusion

Challenges and risks remain for website owners, even during a time where websites have proved to be a saving grace for many businesses during the COVID-19 pandemic. To understand these challenges and risks and avoid them in the future, please contact us.

--
© 2021 Ward and Smith, P.A. For further information regarding the issues described above, please contact Angela P. Doughty, CIPP/US, Peter N. McClelland, CIPP/US or Erica B. E. Rogers.

This article is not intended to give, and should not be relied upon for, legal advice in any particular circumstance or fact situation. No action should be taken in reliance upon the information contained in this article without obtaining the advice of an attorney.

We are your established legal network with offices in Asheville, Greenville, New Bern, Raleigh, and Wilmington, NC.

Subscribe to Ward and Smith