The Ultimate Guide to Website Compliance: Understanding Legal and Regulatory Requirements
A website compliance program is essential today, both to reach users with disabilities and to avoid unnecessary lawsuits and penalties. In addition to the Web Content Accessibility Guidelines (WCAG), the myriad of overlapping website laws in different countries makes compliance even more complicated.
So to make things easier, this guide gives you an overview of the general information you need to stay compliant. And if you still need help understanding legal and regulatory requirements for website compliance, we at ADA Site Compliance can help.
We are the #1 source for all ADA website compliance tips and work. We have a team of accessibility experts to clear any doubts and help you create the accessible, ADA-compliant website you are looking for.
How to Check if My Website Is ADA Compliant and Reduce Web Accessibility Claims?
The best way to reduce possible ADA web accessibility claims is to make ADA legal compliance part of your business. Building these best practices into your everyday routine helps minimize your risk of exposure.
There are two ways to check for website compliance. The first is to do it using one of the many online tools. These tools will scan your website and let you know if you have some accessibility issues.
However, it is not enough to depend on the tools to ensure website compliance. The human touch is always better, so get a second opinion by hiring paid services. The added advantage of a paid service is that they usually have people with disabilities on their team to conduct accessibility checks.
Because testers with disabilities evaluate the site the way real users do, they provide the most reliable website compliance rating. As an in-house accessibility expert is expensive, it is worth hiring an accessibility provider to conduct a human assessment of your website for compliance.
Some Operable Web Accessibility Guidelines to Consider
If you realize that your website or online document is non-compliant, there is no need to do a complete revamp immediately. There are a few things you can try first for ADA compliance.
1. Ensuring complete functionality using a keyboard
Some visitors find navigating your website with a mouse or touchpad challenging, so make sure your website can be operated with the keyboard alone. For example, let users move between page elements with the Tab key and activate the focused element with the Enter/Return key.
2. Provide visitors with sufficient time on the website
Always ensure your visitors have enough time to read, watch, and perform other activities on your site, such as filling out a form. If you need to include a time limit or constraint for any action on the site, configure it so users can extend or cancel it as required.
This guideline also applies to accessible drop-down menus on your website. Some visitors may move the mouse away from an open menu unintentionally; if this happens, it is good to build in a time delay before the menu disappears.
3. Avoid using any form of blinking or flashing content
The World Wide Web Consortium (W3C) states that any content that blinks or flashes more than three times per second risks triggering a seizure. No company wants to be the reason for a person’s seizure and possible health complications.
So it is better to avoid using any flashing or blinking content on the site in the first place. If your web design is structured so that you cannot remove the blinking or flashing content, you must place a warning before it.
4. Website navigation that lets users know where they are and where they can go
All web pages should have a clear page title, a visible keyboard focus indicator, meaningful link text, and proper headings. This helps ensure users know where they are on your site and which elements are clickable links.
5. Color contrast
Poor contrast between the text and background color makes reading your web content difficult for the millions of users with moderate to severe vision impairment. WCAG advises maintaining a contrast ratio of at least 4.5:1 between text and background colors. It’s even better if you manage a contrast ratio of 7:1.
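To check your own palette against these thresholds, here is an added JavaScript example (not code from this guide or from ADA Site Compliance) that computes the WCAG contrast ratio from hex colors. The large-text thresholds it reports come from the WCAG definition and go beyond the two ratios quoted above; the sample color pairs are constructed for illustration.

```javascript
// Added example: WCAG 2.x contrast ratio between a foreground and a
// background color, checked against the 4.5:1 (AA) and 7:1 (AAA) levels
// for normal-size text. Large-text levels (3:1 AA, 4.5:1 AAA) are taken
// from the WCAG definition and are not mentioned in the guide itself.

// Parse "#rgb" or "#rrggbb" (with or without the "#") into [r, g, b] 0..255.
function parseHex(hex) {
  let h = hex.trim().replace(/^#/, '');
  if (h.length === 3) h = h.split('').map((c) => c + c).join('');
  if (!/^[0-9a-fA-F]{6}$/.test(h)) {
    throw new Error(`invalid hex color: ${hex}`);
  }
  return [0, 2, 4].map((i) => parseInt(h.slice(i, i + 2), 16));
}

// Linearize one sRGB channel (0..255) as in WCAG's relative luminance formula.
function linearize(channel) {
  const c = channel / 255;
  return c <= 0.03928 ? c / 12.92 : Math.pow((c + 0.055) / 1.055, 2.4);
}

// Relative luminance L in the range 0..1 (WCAG 2.x definition).
function relativeLuminance(hex) {
  const [r, g, b] = parseHex(hex).map(linearize);
  return 0.2126 * r + 0.7152 * g + 0.0722 * b;
}

// Contrast ratio (L1 + 0.05) / (L2 + 0.05) with L1 the lighter color,
// so the result is always >= 1 regardless of argument order.
function contrastRatio(foreground, background) {
  const l1 = relativeLuminance(foreground);
  const l2 = relativeLuminance(background);
  const [lighter, darker] = l1 >= l2 ? [l1, l2] : [l2, l1];
  return (lighter + 0.05) / (darker + 0.05);
}

// Evaluate a color pair against the WCAG conformance levels.
function checkContrast(foreground, background) {
  const ratio = contrastRatio(foreground, background);
  return {
    ratio: Math.round(ratio * 100) / 100, // rounded, e.g. 4.54
    aaNormalText: ratio >= 4.5,  // the 4.5:1 minimum the guide cites
    aaaNormalText: ratio >= 7,   // the 7:1 level the guide calls "even better"
    aaLargeText: ratio >= 3,     // large text (>= 18pt, or 14pt bold) needs 3:1
    aaaLargeText: ratio >= 4.5,
  };
}

// Constructed sample pairs (not from the page): a pass, a near miss,
// a strong pass on a dark background, and a clear failure.
const samplePairs = [
  ['#767676', '#ffffff'], // passes AA (about 4.54:1)
  ['#777777', '#ffffff'], // fails AA by a hair (about 4.48:1)
  ['#ffffff', '#1a1a1a'], // passes AAA
  ['#999999', '#cccccc'], // fails every level
];

for (const [fg, bg] of samplePairs) {
  const r = checkContrast(fg, bg);
  console.log(`${fg} on ${bg}: ${r.ratio}:1 AA=${r.aaNormalText} AAA=${r.aaaNormalText}`);
}
```

Note that a ratio like 4.48:1 fails the 4.5:1 rule even though it looks close, so round only for display and compare the raw ratio.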
6. Use buttons with clearer, more descriptive text
Do not use buttons with the usual ‘click here’ text. Your users with disabilities will appreciate it if you clearly explain what will happen when they click the button.
Besides, no matter who the visitor is, a clear call to action always helps you. It is worth spending the minimal time and effort it takes to create more meaningful calls to action.
7. Video content with closed captions
This tip works wonders at increasing your reach while complying with ADA rules. All you need to do is transcribe your videos and add closed captions. There are two benefits to doing this. It helps those with hearing loss consume your content and also helps increase video consumption.
8. Images should have helpful alt text
If you are not aware, alt text is the text that pops up when your mouse hovers over an image. As screen readers also read it, you must use alt text that clearly describes the picture. Besides, including keywords in the alt text will also help boost your SEO rankings.
General Data Protection Regulation for Industry-Specific Websites
1. Website legal HIPAA requirements for healthcare websites
Healthcare provider websites in the U.S. should be careful while collecting patients’ health information. The HIPAA (Health Insurance Portability and Accountability Act of 1996) regulates the collection and sharing of patient health information.
A mistake by the developer or owner of an accessible website may expose protected health information (PHI), leading to massive fines and a public relations nightmare for the healthcare provider.
Patients will likely share information about their health history in a contact form or booking system. A hack can easily expose this sensitive data, which is the equivalent of your doctor leaving private files in a public place.
The best way to avoid this is by ensuring all contact forms and booking systems in a WordPress site are HIPAA-compliant.
2. Contractor website requirements
As most states in the U.S. require that contractors list their postal address and their license ID on their websites, forgetting to have this on the site can lead to a fine.
3. Financial advisor website requirements
Financial advisors are subject to strict regulations about using client testimonials and claims of results. They are usually aware of these and will ask about them; if they do not, you have to ask.
Regulatory Workplace Compliance
Numerous regulations concerning employment and health insurance coverage in the workplace apply to health administration in any business. They include:
- Hiring practices
- Wages and hours
- Employee discipline and termination
- Workplace safety and environment
- Sexual harassment, intimidation, and other offensive acts
- Unfair hiring and employment systems and recruitment and retention of employees
Besides, all organizations should make it mandatory that their employees understand compliance issues. This is important because it helps the organization meet its goals. In addition, high-performing employees need to abide by ADA compliance regulations.
All regulations should be observed, and industries should follow all applicable rules. For example, HR practices should prevent the implementation of any potentially discriminatory practices while recruiting. And most importantly, employees should perform hiring procedures as prescribed to avoid facing EEOC sanctions.
Rules and Regulations for Company Compliance in Countries Outside the US
All countries outside the US have their own regulations to follow. Here is an overview of regulations in four countries that have multiple regulators:
1. Australia
Australia has regulators like:
- The Reserve Bank of Australia, which oversees multiple financial regulations
- The Australian Communications and Media Authority, which oversees Internet, broadcast, and communication-related issues
- The Therapeutic Goods Administration, which oversees medical device and drug issues
- The Clean Energy Regulator, which oversees energy and carbon emission issues
2. Canada
The Office of the Superintendent of Financial Institutions and the Financial Transactions and Reports Analysis Centre of Canada oversee most financial entities in Canada. Canada does not have a federal regulator of securities firms; the provinces and territories work together to regulate securities trading.
Other Canadian regulators include Environment and Climate Change Canada, which oversees environmental and alternative energy regulations; Health Canada, which oversees occupational safety and public health; and the Canadian Food Inspection Agency, which oversees food safety and animal health.
3. India
India has local, state, and national regulations that generally fall into three areas: economic, environmental, and public interest. Most regulations are implemented by local governments and at the national level.
4. United Kingdom
The UK has various regulations for corporate disclosures. Some are specific to the UK, and some are set up by European Union legislation. The UK Corporate Governance Code regulates the setting up and operation of publicly traded companies in the UK.
Specific Industry and Public Interest Laws and Regulations
There are tens of thousands of laws and regulations applicable to organizations across the US under state and federal law. Most of them apply within specific industries and subject areas. A few examples of these sectors include financial, healthcare, employment/workplace, environmental, and immigration.
Regarding technology and data breach security, multiple regulators and regulations, such as the Finnish Personal Data Act and the Austrian Federal Act Concerning the Protection of Personal Data, govern data retention and help prevent data breaches.
California Senate Bill 1386 deserves a special mention: under the bill, any company that experiences a data breach must notify California citizens whose personally identifiable information the breach may expose.
And about civil rights, the US Civil Rights Act of 1964 bans any form of discrimination based on sex, national origin, race, or religion. Similarly, the Americans with Disabilities Act bans any form of discrimination based on disabilities, offline and online.
The idea is that everyone has the right to use public places like hotels, schools, and tourist attractions. Online, the ADA extends this so that everyone should have access to websites for everything they do there: shopping, booking tickets, looking for jobs, and conducting business.
Define Regulatory Compliance Cost
Regulatory compliance cost is the total amount of money and other resources an organization has to spend to ensure compliance with all applicable regulations. For example, some regulations require maintaining detailed records about employee time and other related company resources.
Calculating the total economic cost for US organizations of complying with all regulations is not easy. For example, a 2017 American Hospital Association report estimates that complying with healthcare industry regulations costs US hospitals $38.6 billion annually.
Costs of Non-Compliance with Regulations
It is not only the cost of complying with regulations that is steep. The cost of non-compliance with WCAG guidelines is very steep too. In fact, according to experts, the cost of non-compliance is much steeper.
The government imposes penalties on web developers and website owners for non-compliance. Fines for minor violations, such as missing a deadline for filing annual reports, are modest, amounting to a few hundred dollars.
However, SEC and other financial violations can lead to penalties of millions of dollars. Hospitals violating HIPAA patient privacy provisions risk fines of several million dollars for massive data breaches or repeat incidents.
In Europe, the European Union’s General Data Protection Regulation applies to all organizations obtaining or storing the personal data of EU citizens.
In short, this means the regulation also applies to many businesses in the US. And the penalties are not small: the maximum fine for violating some GDPR provisions is 20 million euros or four percent of the organization’s gross global revenue.
Agencies Overseeing Regulatory Compliance
There are hundreds of local, state, and federal government agencies administering laws and regulations applicable to organizations. These agencies and some other groups also guide companies in setting up compliance programs to understand and follow all applicable laws and regulations.
Non-Governmental Entities Overseeing Industry Standards and Regulations
Some industry-related organizations have established standards that serve as quasi-regulations in specific industries. Some nonprofits, like the Financial Industry Regulatory Authority (FINRA) and the Public Company Accounting Oversight Board (PCAOB), also oversee certain industries and regulations.
Standards Guiding Regulatory Compliance
Some standards, for example, NIST Standards and ISO/IEC 27002, were set up to guide compliance with some regulations.
Organizational Strategic Issues Related to Regulatory Compliance
Organizations that face significant regulations must start considering how they should structure their companies and processes. This is to ensure they can operate well while complying with regulations. This means the company leaders have to take into consideration multiple factors:
- Strategies to use to balance compliance between legal, auditing, and all other business functions
- Creating internal systems to use for monitoring and reporting compliance
- Encouraging and developing common compliance strategies across various teams and company locations
- Predicting the potential impact regulations will have on a company’s strategic direction, business goals, and regulatory compliance systems
- Strategies to use to measure compliance value, like employee performance evaluations
How Organizations Can Handle Regulatory Compliance Processes
Organizations need to adopt and implement various steps to ensure and handle regulatory compliance. These strategies include:
- Larger companies, and all companies in highly regulated industries, have to hire employees, sometimes dozens or hundreds of them, whose primary duty and focus is the company’s regulatory compliance.
- For companies with publicly traded stock, the Securities and Exchange Commission requires a compliance officer. Most such companies have regulatory compliance departments, and banks and other large companies may have hundreds of compliance staff.
- By contrast, smaller private companies may not have even one employee handling compliance issues. They usually rely on a company lawyer, an external lawyer, or a top company executive to deal with compliance. Whoever is chosen, smaller companies are generally advised to have a single point person in charge of all regulatory compliance issues.
It is not only hiring appropriate staff that helps companies manage compliance. Various software tools and internal assessments also help with regulatory compliance.
These software and internal assessments include:
Acquiring Compliance Management Software
This software proves helpful for organizations to keep track of the various regulations applicable to all companies and specific industries.
Assessing Auditing Systems
This internal assessment system is necessary for meeting regulatory requirements, achieving compliance, and maintaining it.
Developing Business Continuity Plans
Companies should make a habit of planning how they will keep working during and after a disaster. This includes natural disasters, viruses, crashes, and any other catastrophic event that may affect the business’s information technology systems.
Assessing and Improving the Security and Privacy of Information Technology Systems
This is another internal assessment required to maintain regulatory compliance. It comprises a template that gives your organization a structure for creating periodic reports on regulatory compliance work and for building internal systems.
The template asks for details of the regulatory compliance requirements applicable to the organization’s operations, its regulatory compliance policy and status, a summary of all actions taken, and recommendations for future actions.
Internal Regulation Requirements for Businesses
Most states require companies to regularly supply information on their business operations. There is always a chance that some legal requirement affects some aspect of the business.
Frequently Asked Questions
Here are a few of the most frequently asked questions we receive about understanding legal and regulatory requirements for website and compliance programs.
1. What is compliance with legal and regulatory requirements?
Legal and regulatory compliance means an organization adheres to all laws, guidelines, regulations, and specifications relevant to its business processes. In short, it is a legal obligation to ensure the business operates according to regulatory standards. Any violation results in legal punishment, including federal fines and penalties.
2. How do you ensure compliance with regulatory requirements?
There are a few steps to ensure compliance with regulatory requirements. They include:
- Determining all business-relevant regulations
- Identifying the requirements they have to comply with
- Conducting initial internal audits
- Establishing and documenting all compliance policies and procedures
- Providing compulsory periodical compliance training to employees
- Hiring experts to ensure ADA compliance
- Constantly improving regulatory compliance by monitoring the legal landscape, conducting periodic audits, and adapting procedures to regulatory changes
- Leveraging appropriate tech tools and software providers
3. What does every website need legally?
Every website must legally adhere to data protection and privacy laws and policies and meet all accessibility standards set by the ADA. Some specific industry guidelines say websites should also adhere to e-commerce, copyright, plagiarism, and anti-spam laws. And some industries may also need to adhere to other specific website requirements about health, legal and financial matters.
4. What is website compliance?
Website compliance means that an organization’s website must adhere to or comply with all legal requirements and legislations relevant to the website.
While designing your website, remember that millions of people worldwide have disabilities. They look for and need the same services and products as any other users, so they search online and visit websites. Keep them in mind while designing your website so you do not miss out on this massive market, or risk having to pay huge penalties.
You need not worry much if you do not have the time or people to work toward ADA compliance. There are many services online you can turn to for help and hire to create an ADA-compliant website.
We at ADA Site Compliance, for example, are one of them. We are the #1 source for all ADA website compliance tips and work. We have a team of accessibility experts to clear your doubts and help you create the ADA-compliant website you seek.
The ADA prohibits any private businesses that provide goods or services to the public, referred to as “public accommodations,” from discriminating against those with disabilities. Federal courts have ruled that the ADA includes websites in the definition of public accommodation. As such, websites must offer auxiliary aids and services to low-vision, hearing-impaired, and physically disabled persons, in the same way a business facility must offer wheelchair ramps, braille signage, and sign language interpreters, among other forms of assistance.
All websites must be properly coded for use by electronic screen readers, which read aloud the visual elements of a webpage to sight-impaired users. Additionally, all live and pre-recorded audio content must have synchronized captioning for hearing-impaired users.
Websites must accommodate hundreds of keyboard combinations, such as Ctrl + P to print, that people with disabilities depend on to navigate the Internet.
Litigation continues to increase substantially. All business and governmental entities are potential targets for lawsuits and demand letters. Recent actions by the Department of Justice targeting businesses with inaccessible websites will likely create a dramatic increase in litigation risk.
Big box retailer Target Corp. was ordered to pay $6 million – plus $3.7 million more in legal costs – to settle a landmark class action suit brought by the National Federation of the Blind. Other recent defendants in these cases have included McDonald’s, Carnival Cruise Lines, Netflix, Harvard University, Foot Locker, and the National Basketball Association (NBA). Along with these large companies, thousands of small businesses have been subject to ADA website litigation.
Defendants in ADA lawsuits typically pay the plaintiff's legal fees, their own legal fees for defending the litigation, and potential additional costs. In all, the average cost can range from tens of thousands of dollars to above six figures. There are also high intangible costs, such as added stress, time and human capital, as well as reputational damage. Furthermore, if the remediation is incomplete, copycat suits and serial filers can follow, meaning double or triple the outlay. It's vital to implement a long-term strategy for ensuring your website is accessible and legally compliant.