Back To The Blog

Making Cyberspace Accessible to Americans with Disabilities

Uncategorized / January 07 , 2013

A Q&A with Tim Springer, CEO of SSB BART Group
Section 508 of the U.S. Rehabilitation Act covers access to electronic and information technology for people with disabilities, and it concerns companies receiving federal funds or contracts. Though accessibility portions of this act were established in 1998, many companies are still uncertain about the guidelines and how they differ from the standards outlined in the Americans with Disabilities Act (ADA). To clear up some of the confusion, I spoke with Tim Springer, CEO of SSB BART Group, about accessibility issues and their significance for risk managers.

What is 508 Compliance?
Section 508 is a United States federal law that dictates that everything the federal government spends money on for information technology purposes has to be accessible or usable for people with disabilities. The law defines the terms and set of standards for what is “accessible” and “usable.” Basically, it breaks down into three components: technical standards which govern the code–these are normative requirements you can validate with a checklist; functional requirements that govern whether the system as a whole produces an accessible experience; and information documentation and support, which governs the experience around the system and whether the information, training and documentation is accessible.

What is ADA Compliance?
The ADA, or Americans with Disabilities Act, gives civil rights protection to individuals with disabilities. Under Title III, business and nonprofit service providers must provide effective and accessible public accommodations, which covers websites.

Why is accessibility for people with disabilities an important issue for risk managers?
Section 508 is important for anyone working in the public sector because it’s mandatory. If you don’t conform to the law there’s a complaint and resolution process. From a private sector standpoint, if you’re selling software to the public sector, those services will fall under 508. So if you want to keep selling your software to the federal government it needs to be compliant. If you’re in the private sector and you’re not dealing with the government, then you’re looking at ADA, which has more stringent requirements and the cases are more often enforced with litigation.

What are some of the penalties and liabilities for noncompliance?
Section 508 penalties can span from a mandate to change your system to full loss of a government contract if you’re noncompliant. There are generally no direct financial penalties under 508, unlike ADA. We don’t have many examples of contracts being lost—most are simply not getting awarded in the first place. For ADA, penalties can include legal fees, civil damages and mandates to fix things.

What steps can a company take to ensure compliance or remediate noncompliance?
In terms of ensuring compliance there are three broad activities we recommend. When we engage with a customer, we will start with an overall audit that tells them what’s wrong and what needs to be fixed. That’s become a best practice in the industry and most organizations start with that auditing function. The second component is implementation support, which includes active support throughout the development lifecycle and consultation around which requirements need to be addressed and how. Finally, we also cover the broader category of developing compliant policies and procedures, such as interacting with vendors.

Outside of that, there are other specific services we provide. When a government agency requires a Voluntary Product Accessibility Template we can help companies produce this document. When organizations do large-scale remediation we can add in remediating code directly. Typically our customers are larger enterprise enterprise-level healthcare, financial and software service companies. Our services require a lot of domain expertise, but we offer a turnkey solution that allows customers to continue these activities on their own once we train staff and get them up and running.

In conclusion …
Businesses that offer services online and have no physical storefront presence may be facing serious risk (see lawsuits) for not making their websites usable for people with disabilities. After all, most businesses would not build a building without a wheelchair ramp as they understand doing so would risk a massive lawsuit. The virtual equivalent is building an accessible site and one can easily see how ADA regulations will only grow in application to business as more services shift online.

 

Related Blog Posts

10 Cybersecurity Tools Every Small-Medium Business Should Have in Their Arsenal

What You Need to Protect Your Data

SMBs have unique cybersecurity risks that should be managed with appropriate tools. Here are the top tools and some mistakes to avoid when implementing them.

Continue Reading

8 Things Every Business Should Know About Cybersecurity

Top Tools and Tips for Cyber Risk Management

Cyber risk is always evolving but every business needs to understand the fundamental threats they face as well as the key tools for risk assessment and mitigation that can help them improve their cybersecurity posture.

Continue Reading

From Afghanistan to Ransomware

A Q&A with Melissa Ventrone of Clark HIll

As an attorney in the cybersecurity and privacy space, Melissa Ventrone draws on her military background to keep clients calm, manage complex logistics, and help them mount a successful incident response.

Continue Reading
Visit Our Blog

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download
Solutions
About
Contact

P.O. Box 204
Gladwyne, PA 19035
610.896.9715

© 2024 NetDiligence All Rights Reserved.