#016 Digital Law Part I: Is My Website Breaking The Law?

Do I really need to be thinking about web accessibility, privacy policies, and the CCPA?

Website Accessibility isn’t a new topic, but it’s definitely a trending one. From the limelight of the Domino’s case, moving all the way up to the Supreme Court businesses are just starting to understand the severity. Don’t shrug this topic off just because you’re a small business. There’s been a 200% increase in small business cases over the last three years. To get in the know, we’ve collaborated with Jeana Goosmann of Goosmann Law Firm to talk about website accessibility, privacy policies, user terms, the CCPA, and what actions your business needs to start taking… like tomorrow.

Biggest Takeaways From This Episode

Website Accessibility

Don’t think these laws only apply to big businesses. You must comply with this law and make sure your site is ADA compliant.
Someone with a disability needs to be able to access and visit your website. This policy applies to ALL disabilities.
Why care? There are attorneys that are preying upon websites, particularly of smaller businesses and targeting them with suits.
This is NOT a trend that is just happening on the coast. There are no rules, no hotbeds, these are issues that are spanning every type of business everywhere in the United States.
Here are some basic website accessibility mistakes you might be making right now.
- If you have a photo on your site, it needs to have a caption of alt-text so that a reader can read that image.
- If there is a flash animation, it needs to go at a rate so that someone can pause it, shut it off or easily read the text. It also can not be so fast that it triggers seizers.
- Your page titles need to easily be read by a reader and make sense.
- All of your fancy features like toggles and accordions need to have alternative routes to access the content.
The best place to start is to talk to your legal counsel and that your lawyers have the knowledge of the ADA website accessibility.
You need to start and write a legal website policy alongside an attorney.
Here’s what happens if you violate.
- Usually, it starts with a demand letter, either an email in your inbox or your registered agent might get a letter from a lawyer saying a client was on your website and was not able to access these functions and as a result, we demand you pay us.
- The demands could start out as $50,000. That’s not a small amount of money. Target has paid over $3.5M for this issue!
- Now… you’re panicking and have to reach out to an attorney.
- You’ll have to resolve the dispute and the website changes.
- Then, you’ll have to put an action plan in place to fix your site. There will be dollars associated with that cost as well. It’s not always an easy fix to update an old site.
Our best advice is to be proactive. Put a compliance plan together. Make sure you’re up-to-date on the latest technology and requirements on your site. If you’re doing a new site, make sure this is a part of your plan!

Privacy Policies

Why do I need a privacy policy? It lays out the information that you collect via your website, how you use it, how you share it, how you secure it and how you store it.
Different states have different laws. You have to comply with all of the states that your visitors or customers come from, it’s a wild web we weave. (Get it… web.. the internet… alas)
If you collect data from anyone younger than 13, there are special laws.
If you’re a financial institution you have even more specific restrictions.
Same if you’re in healthcare, there are specific health and personal data restrictions that you need to abide by.

California Consumer Privacy Act

This law is definitely in effect now. It’s known as the CCPA. This law is for any company that does business in California, collects information from any visitors from California, or others who do business in California. OR if you have annual gross revenue of $25M OR if you participate in buying, selling, receiving personal info, OR if you’re in the business of buying/selling personal information.
The California Attorney General’s office is among the most powerful resources in the US.
The damages are $100-$750 per consumer, per incident. That scales FAST!

Should you use a free online generator for an accessibility policy or privacy policy?

Jeana says buyer beware! A lot of the times you get what you pay for. We suggest paying for certainty. Don’t just go off of hope that this is going to cover you. Please use an attorney who knows these laws and their up-to-date compliance rules.

Transcript

This text below is a straight-up audio transcript of the episode. In our humble opinion, we think the audio podcast sounds much better in its original form. We have not edited the transcription below so there are indeed some grammar errors (some quite funny, in-fact).

Hello, this is Beth Trejo and this is the Generation Social Media Podcast. I'm so excited today, my guest is Jeana Goosmann with Goosmann Law. The social space is still so new, we do a lot with websites as well. And so we're going to talk to Jeana a little bit today about kind of navigating that landscape. What does that mean for businesses both small, large, local, and how they can start to understand the rules. Maybe which ones are the most likely to be broken, as well as some of the things that they just need to keep in mind as they're going both on the social media and digital space. So before we dive in, Jeana, let people know, introduce yourself. You're an entrepreneur, a speaker, an author, tell people about you and kind of why you're passionate about law. Thank you, Beth. I'm excited to be on your podcast today.

I am Jeana Goosmann from the Goosmann law firm and I'm the CEO managing partner and founder of the Goosmann Law Firm. And now I have a team of about 60 and we practice law primarily in the Midwest, but then beyond. Whenever our clients they have business beyond right all over the world these days. So I myself and also the entrepreneur as you mentioned in last year I wrote a book called worth it. Business leaders ready, execute, deliver. Yeah, I love it. Thank you. And I practice law and I help business owners navigate all their legal issues that they have to encounter on a regular basis. So I really focus on those business leaders and business leaders today are heavily into social media and there are a lot of things that they need to be worried about and thinking about as they make their posts and also with their websites and staying cutting edge with these various topics.

Right. And I think we could do like a series of these, there's so much to get into, but we want to talk a little bit today about specifically some website issues because there's a lot of, like most businesses have websites, right? They're still very valid. They're still really important for small businesses. Just a mom and pop store on the street or large brands. Everybody's, you know, wanting to have a presence online. So let's start and talk about like what are some of the mistakes you see local businesses make? And you know, one of the questions we get all the time is this new, I don't want to even say new, but there's a lot of chatter if you will, around web accessibility. So let's start there. Tell me what that is and where's the first step that businesses need to like take a step back and be like, okay, am I, am I okay with this?

Absolutely. So I think one of the things you brought up as smaller businesses, and one of the mistakes I frequently see is that they have the impression that all these laws only apply to bigger businesses. Right? And that's actually not true. A lot of the laws we're gonna talk about today do apply to them as well. Some laws obviously have caps as far as you have to have a certain income threshold. And we'll talk a little bit more about California later, but not all of them, including the Accessibility Law that you talked about. So one of things that is really hot when it comes to websites that people need to be aware of is that they need to be ADA compliant and have accessibility built into them these days. And so what that means is that somebody with a disability needs to be able to surf that website and be able to figure out what it says.

Even if, for example, they are blind. So if there is a picture on there, it needs to have a caption so that a reader would be able to read it, for example. Or if there's flash, it needs to make sure that it goes through it at a rate that somebody would be able to figure out what's going on even if they have a disability. So in a nutshell, that's what the Accessibility Law is all about. Yeah. And correct me if I'm wrong, but it doesn't just apply to one form of disability, right? Like there's a lot that it applies to. And how, how do you recommend businesses like start evaluating that? Like, am I okay? Should I be okay? Like where is the best? Like do they just need to talk to their legal counsel about that? Like where do they start? Absolutely. So I think they should talk to their legal counsel about that and make sure too that their lawyers abreast of what these issues are.

Because not all lawyers are going to have this certain knowledge and be focused on this. So, to the extent that they're not, they should, might need to find an attorney that does know about this area of law. And I think part of how they start is by working on what their policies are and also before anybody is motivated to start. I think it's important that they know why should I care. And that an important the why care is because the lawsuits are really increasing on this. There are attorneys, believe it or not, this is what gives my industry a bad name. They kind of prey upon websites and in particular smaller businesses because they know that they aren't going to have the same sophisticated, big legal counsel that have issues with their website and they're going out and their targeting them and they're targeting them with the view of potentially suing them in order to get a judgment and recovery for their client.

And those lawsuits are really increased. Just a few years ago in 2017, I did a little homework. Yeah. And there were 800, just over 800 lawsuits of this kind back in 2017 and a year later there were over 2,200 and let alone last year. I mean, it's just going up exponentially because people are being successful with this cause it's a real issue. Right. And this isn't just something that's like happening on the coast, right? We're, we're recording this in Iowa and you know, we work with businesses just like you all over the country. But this is happening in mid-size markets, small-markets, different types of businesses, right? It is. And in fact, I would say way back when I became a lawyer in the early two thousands I, I was getting letters that clients would receive saying that you stole this image off the web. And that was like a big deal and they, you know, demand $10,000 cause you used our image and we'd usually get those settled for much, much less than that.

But it was still an issue. And I think now it, instead of those cases, which were really hot almost 20 years ago, now we're starting to see website accessibility and that these claims are going and so it is happening all over the place. It's not just in California. Right! And I think it's something that people need to put on their radar screen and be aware of. And it's just a good idea to have these more current policies on their site. Right. And not to mention, just to be able to service and really like have an amazing customer experience for all types of, you know, people that may be coming to your website. Right. I think that that's the other side of this that is, yes, there's obviously legal like rules, but you also want to show inclusive, inclusive, that you're inclusive for people to read your information on your site.

And you know, it's funny because this has been in play in like building codes for a long time, right? Like you have to be accessible and there's different you know, rules for that, but it just feels like there's more information and just conversations on the website world and obviously those statistics definitely prove that. Do you like what's the reality of like violating these, so you said that there can be like lawsuits that come into play or like would they just get a letter if they get in trouble or how does someone going to know if you're just breaking the rules or you're breaking the rules and you got caught? Yeah, so honestly, usually it does start with a demand letter. All of a sudden you're, you show up at work one day and you get a either an email in your inbox, if you're the business leader or your registered agent might get an email, a letter served upon them, and all of a sudden you have a demand letter from a lawyer saying that my client, ABC person, who you've probably never met before because they were on your website, was not able to access these functions and they have this certain disability.

And as a result we think you have violated these different laws, and we demand that you pay us. And that's how it would start. And all of a sudden then you, you're shocked because you didn't even know that this law existed and let alone that you should be following the Web Content Accessibility Guidelines. Which is something that we would recommend that people actually have some knowledge on and have some plan in order to comply with those guidelines. And that that's how it gets started. And some of the things that we've seen and I think that are more public that you can talk about, I mean there's already been some class actions against the bigger companies and that's where you're going to see those things in the news, right. That might make it on to mainstream media. But I know in one of the cases there was a settlement that target paid over $3.5 Million in a national class action to settle that over this very various issue.

And there are also been confidential settlements that were reached with some big companies like CVS that were sued. You're not going to see a national media attention on the local pharmacy that got sued over this issue, but they're the ones that are going to get those letters with the relative smaller demand. It might start out as a $50,000 demand. Right. But that's real money and you don't want to just all of a sudden get caught with, I got a $50,000 demand because somebody wasn't able to view our website. And not only do you have the demand, but like businesses also need to factor in. They're going to, someone's got to fix it. Right? I mean like on the website side you know, just having conversations with our web team, making an old site in the way that those new devices and screen readers and all of the different devices to be able to really comprehend the information on there and to view the images.

It's not an easy fix, which means it's going to be costly or there's going to be a level of technical expertise. So I think that there's a couple sides to this. When you look at like a business risk, right? It's like, okay, you could get sued and there's, you know, they're gonna, there's gonna be a lawsuit or even just a settlement, right? And then you also have to fix the site or probably just shut it down, which is going to be risky for your business as well. So you can be proactive. You could consult with somebody that I might be talking to you right now and figure out how do I get a new site that might be compliant with these laws and that would have a compliance plan and policies associated with these current laws today and making sure that you're up on that current technology and you're being proactive in that way.

And it's always less expensive in the long run to be proactive than it is to be reactive and wait until you get one of those demand letters in the mail. And because at that point in time now you have a dispute that you have to resolve as well as still needing to get yourself compliant. Right. And I think, you know, when it comes to building a site, if you have a thought in your mind, I want to redo my website or I need a new, a new website, like this is definitely something you want to make sure that you're like addressing and it's part of your plan because it's expensive to do all this stuff. And I think it's also a big testament that you kind of do want professionals involved. Whether that's on an advisory role or you know, somebody who knows what they're talking about because I mean these things are real business, you know, risks and problems and we want to make sure that our business community is kind of taken care of on that end.

Absolutely. And to that end, we've really enjoyed partnering with you and your team to make sure that we are able to advise our clients. Yes, you have some technical things that you need to get up to speed on. And as a result we have a great referral partner that we can work hand in hand with, cause we can advise them on the policies that they need to have, but to the extent that they have technical work that they need to have done on the backside of their website or a website overhaul because it's just way outdated and they haven't done anything for 20 years, since they maybe built it themselves. Right. I think that's been a really good partnership. Yeah, I agree. Well, let's move on and talk a little bit about privacy policies. So tell me what, what is a privacy policy and does it protect you or what is the purpose of it?

Because I feel like there's a lot of information out there, but break it down for us, layman's terms. Why do I need it as a business owner? Absolutely. So Beth, a privacy policy generally is lays out the information that you collect, how you use the information, what information you share with third parties, how you store and secure the data and if you use cookies. So those are the various pieces that a privacy policy would cover. And essentially we've all seen them when we go on a website, right? There's a lot of times you have to like click and acknowledge that you've had access to the privacy policy. I know that my social accounts are constantly updating me, but they've changed their policy right. And this is why, it's because they want to make sure they are using the data and cookies are being used and all those different things.

But when people are, are collecting that information or have data being collected, they need to give notice to the users of the site. And this applies to all businesses, right? Like all different sizes of businesses. Probably best practice just to have that on your site and to let, I think that's really what we see from a trend. Just like just the transparency, like you signed up, great. We're going to use your information for this. And even if it's not always like required from whether it's illegal or you know, I know different countries have different rules, but I think it's also a kind of a best practice for consumers, don't you think? Just to let people know what you're collecting and what information you're using. It is a best practice. And I would say there's no one federal law that covers this topic.

And so it's actually a pretty complex legal web. And as a result of that, that's part of why it makes it a best practice because different States have different laws on the privacy policies of what they would require. And if you're online, you're probably doing business in lots of different States. And as a result, you don't want to just comply with your home state. Because now you have customers or consumers that are doing business with you from a neighboring state and beyond. You can't really tell who all is going to be on your website. Cause that's the beauty of the web. In addition, I think that there are special laws in different areas and with different industries, too. For example, if you're collecting data from children, which is defined as anyone under the age of 13, there are special laws also if you have financial data that you're collecting if you're a financial institution.

And also if you're in a jurisdiction that has really significant restrictions on use. Like if you're in California, which we might talk about in detail. Yeah, let's talk about California. It's, it's interesting because I think a lot of people are like, well like I don't work in California or you know, maybe maybe your local online store. Like it's not just for people who are like have a physical business in California. Right? It's kind of a larger picture than that. It is. And I actually, I made sure before I began there, I would jot this down cause there are specific requirements. So what we're talking about right now is the California passed back in 2018 and it just went into effect. So they delayed the effectiveness of it, but it's the California Consumer Privacy Act and it is goes into effect as I said just recently.

And it's the acronym for it is the CCPA and it applies to businesses that do business in California, collect personal information and if they determine that the purpose or means of processing the personal information still applies and if they do business with others. So this is like a really broad category. Any business whatsoever in California or others that do business in California, this could capture you. Right? And then there's an or category. So then this other part of the test is if they have annual gross revenue in excess of $25 million or so, this is where you can get your smaller businesses if they participate in the business of buying or selling or sharing or receiving personal info and, or if they get at least 50% of their revenue from selling personal information. So there are a lot of catch-alls that can make people need to comply with this act in California.

And the California attorney general is very aggressive, as well. And they have a, probably the largest law firm in the state. The California attorney General's office does. Wow. And they make a lot of revenue in their state. And I, we all hear about their budget crisis, right. Just constantly adding new laws that can, you know, assess fines and penalties against folks that are, are not complying with these things. And these fines that can be huge. They're statutory, which means under the law, the damages are $100 to $750 per consumer, per incident. And unless the actual damages are even greater. So if you are collecting data and you have a lot of visitors to your site and you're getting like have a lot of cookies or something, right. Those can add up really fast. Yeah. I, I'm envisioning, and I'm using this as a complete hypothetical, but like oftentimes, especially, businesses in the manufacturing category, right?

They're like a big business web presence and marketing was never really a priority for them, but they may have done a Facebook campaign or maybe they're using, you know, some like back-end data. They don't even realize they're capturing the data, right? Because that was on marketing or that was if an agency they hired a long time ago, but they have vendors in all different States across the country and that may just not be on their radar of like, Hey, maybe we need to talk to someone about this or analyze, you know, our risk at this at this point, because I think that a lot of people still see websites, and I'm not going to get on a tangent here, but I, but it's not just a marketing thing, right? It's really your digital storefront. It's how people contact you. It's where they find, you know, your basic information about your company.

And these laws don't care if it's a marketing cookie or it's other data that you're collecting, right? They're just saying, Hey, if you're doing this, like, and you have somebody coming from California, you're probably breaking this law. So definitely a way to, to kind of have that conversation with their counsel or whoever they value their kind of expertise on that. Absolutely, So as we're drafting these privacy policies, now we're assessing whether or not we need to make provisions for this California law. And when we that we can try and be overly cautious in that regard because if they, since California has a law and it's kind of the highest standard to right now, and if you hit the highest standard, you're probably going to be covered in all the other States. And that's one of the things that we're looking for.

And if they're collecting anything, like you said, like the geographical data, whether people are coming from, well, if you use Google Analytics, right, doesn't that mean you're doing these things? You're already capturing that. Right? Right. And Google Analytics also requires that you have a privacy policy to yeah, so many things that people are just not even thinking of because again, Mr. Again, I'm pretending Mr. Manufacturing owner is not thinking about his Google Analytics on a day to day basis. Right. And so it's kind of that like afterthought but definitely important to consider. It is. And I think it's an area that if you're the Marketing Director and all of a sudden this demand shows up in your CEO's inbox, they're going to be coming to your office. So raise your hand and get some help because, it definitely is, it's easy, way easier if you're proactive about it.

I think that's kind of the case with the accessibility side of it. And with the privacy policy side of it you know, if you just take a couple steps now you're probably setting yourself in a really good spot because the stuff is always going to be changing. It is. And I think you can sleep well at night if you've attempted to cover these different issues. Right? It's always better than having nothing out there. And if you've done so in a reasonable manner and you've brought up the issues and at least you know you can make sure that when you have your meeting with your boss you were saying, Hey, we need to be addressing these things and then you won't get caught off guard later. Right. So one thing that we see a lot in questions that I have, there's a lot of free online generators of privacy policies.

Obviously that's going to be an automatic thing. What would you tell people to be watching for when they're just using those? Is that something that is an option for businesses? Like what would be your advice to a friend on that? Buyer Beware! A lot of times what you find for free on the internet is worth what you paid for it, right? Which if you didn't pay for it, right, it might not be worth anything. So I think you do have to be aware of when you're just pulling content off the internet for your use and hoping that it's going to cover you. Like I mentioned, there are a lot of different specific circumstances that can apply to your business that you might not be aware of. So if you at all have financial data for example, or you're dealing with children or any of those various special laws that would be applying to you and you might not catch that, but just because you're using an online forum or if you're in the healthcare industry, there's all kinds of different reasons that you want to make sure that you're covering your specific scenario and not just using a cookie cutter approach.

And probably just the timeliness of it. You don't know when the last time that that was updated, right? Like, cause these laws are literally constantly changing, I'm assuming and developing. So you don't want to play by four years ago's laws. You don't. Absolutely. And I think that technology's changing fast and the laws changing fast. And you don't really know who wrote that either. I just had an example this last weekend of - side story here, but I ordered some eye drops off of probably the world's largest online retailer. And I was like, they were burning my eyes. I'm like, what's going on with these? And I finally looked closer at the label and they spelled protective wrong and they spelled the name of the company wrong. What in the world is up with this. You just don't know what you're going to get. Yeah, I agree. Sometimes you need to like pay for the certainty and pay for at least a little bit of comfort around these things and don't be putting those eyedrops in your eyes any longer.

I'm like buyer beware. Right. I actually thought that those would be legit knows people are getting you all over the place. So you do have to be careful. And I think just listening to your podcast means that you're going to be more aware than most on these issues. Right. And ahead of the game. Right. And probably a leg up on your competitors, too. Honestly, if, if you're early adapter that that's always a good thing. Absolutely. And I don't know if we're going to talk about any more, but I still want to make sure people are also really cautious on pulling content that might have copyrights or image protection on it as well. Cause that's still a consistent thing that we repeatedly see. Yeah. Good advice and tips. Well, Jeana, thank you so much today. We really enjoyed talking with you and I'm sure our listeners learned a lot. I know I did. So thank you very much. And this is our episode.

WebsiteChatterkickFebruary 25, 2020website, law