Since the Americans with Disabilities Act (ADA) was passed in 1990, businesses have been vulnerable to “drive-by lawsuits” alleging that their facilities are physically inaccessible to disabled customers or guests. The new trend in ADA litigation is the “surf-by” lawsuit—disabled individuals who sue under the ADA because a business website they visited was allegedly inaccessible to them. The U.S. Department of Justice also has been aggressively enforcing website inaccessibility violations even though it won’t issue regulations until 2018.
If you’re still not convinced that the threat of website accessibility lawsuits is real, consider that in March, a California trial court became the first in the nation to rule on summary judgment that a retailer’s website violated the ADA and California’s anti-discrimination law (the Unruh Act). The court determined that the website was inaccessible to visually impaired individuals. The judge slapped the retailer with $4,000 in statutory damages under the Unruh Act, ordered it to either modify or remove the website, and awarded the plaintiff its attorneys’ fees, which are estimated to be in the six-figure range.
What can business owners do to prevent being sued for website accessibility violations? Start with these steps:
- Determine if the ADA applies to you. Title I of the ADA applies to private employers with 15+ employees. Covered employers may not discriminate against employees with disabilities and must make reasonable accommodations for them. In addition, accessibility may be an issue for business websites that allow job applicants to apply online. Title II applies to State and local governments. Under Title III, the website of an organization that qualifies as a “public accommodation” must be accessible to individuals with disabilities. Courts are split on whether “pure Internet” organizations (i.e., those without a bricks-and-mortar presence) are subject to website accessibility requirements.
- Identify accessibility issues. If the ADA applies to you, determine if your website poses accessibility problems to disabled individuals. The DOJ has not yet officially adopted rules for website accessibility, but is considering two sets of standards – the Web Content Accessibility Guidelines (WCAG) 2.0 created by the World Wide Web Consortium and the Electronic and Information Technology Accessible Standards published by the U.S. Access Board for compliance with Section 508 of the Rehabilitation Act. Common accessibility barriers include lack of closed-captioning for audio and video content, a site navigation structure unfriendly to keyboard-only users, and failure to provide descriptive text for images and non-text content.
- Get expert help. Web accessibility standards are highly technical. Consider consulting an IT expert with web accessibility experience to help you identify accessibility problems and solutions. You should also consult a lawyer with ADA experience to help you evaluate and mitigate legal risk, or to devise a defense strategy if you’ve already received a demand letter threatening litigation.
One of the bombshells in the DeflateGate saga was the revelation that Tom Brady had his cell phone destroyed shortly before meeting with the National Football League’s investigators. According to the NFL’s written decision suspending Brady, Brady knew that the investigators wanted access to text messages on the phone he had when the AFC Championship was played. Even so, Brady instructed his assistant to dispose of the phone—just four months after starting to use it. The dubious circumstances surrounding the disappearance of the phone greatly hurt Brady’s credibility in NFL Commissioner Roger Goodell’s eyes, and was instrumental to his eventual decision to discipline Brady.
There are HR lessons to be learned from this story. An employee’s mobile device can contain information you need for an investigation or lawsuit. So what can you do to get access to the device or the data on it now that employees frequently use their personal devices for work?
Adopting a Bring Your Own Device (BYOD) work policy is a good start. At a minimum, a BYOD policy should reserve the company’s right to access any electronic device an employee uses for work, even if the employee owns it. The policy should also state upfront that employees have no expectation of privacy to data stored on their personal devices – that’s the tradeoff for letting them connect to the company network.
After establishing the ability to take possession of employee-owned devices, think through the steps for preserving data on the devices before it’s too late. One measure is to issue a “litigation hold” instructing employees not to destroy a device or delete data from it. Be specific about the kinds of data they need to preserve. A crucial element of a litigation hold is an instruction to suspend routine purging of data or equipment – much like Brady’s practice of destroying his old phone whenever he got a new one. The litigation hold should be issued as soon as you know that a lawsuit or investigation is coming.
Next, determine the kind of electronic information you want. Preservation and extraction methods differ depending on the kind of data. Text messages need to be preserved quickly because once they’re deleted off a phone or tablet, it’s difficult to find a copy of them elsewhere. As Brady learned when he tried accessing text messages on his missing phone through his wireless carrier, carriers don’t keep subscribers’ text messages on their servers for very long, and they typically delete the messages after delivery to the recipient. Emails have a longer shelf life, especially if they’re stored in a web-based account like Gmail or Yahoo or transmitted through company servers.
Be proactive and act quickly. Don’t let your hopes of getting the electronic evidence you need get deflated.
The Hawaii Judiciary is proposing amendments to the Hawaii Rules of Civil Procedure (HRCP) to address e-discovery issues. The deadline for submitting comments is April 17, 2014. The proposed amendments are available here.
Some of the more notable changes being proposed are:
- The addition of references to “electronically stored information” (ESI) to Rule 26 (general discovery provisions), Rule 30 (depositions), Rule 33 (interrogatories), Rule 34 (document requests), Rule 37 (discovery sanctions and motions to compel), and Rule 45 (subpoenas)
- Amended Rule 26 expressly permits discovery of ESI with the caveat that a party need not provide discovery of ESI from sources that are not reasonably accessible because of undue burden or expense. The party claiming undue burden or expense has the burden to make that showing. However, even if the showing is made, a court may still order disclosure or discovery of ESI for good cause.
- Amended Rule 34 allows document requests to specify the form in which documents or ESI are to be produced. The responding party may object to the requested form, and if it does so, it must state the form it intends to use. If a request does not specify a form for producing the requested documents or ESI, the responding party must produce the requested materials in the form in which they are ordinarily maintained or in a form that is reasonably usable. A party does not need to produce the same documents or ESI in more than one form absent showing of good cause.
- Amended Rule 37 prohibits a court from imposing sanctions for failure to provide ESI lost as a result of routine, good-faith operation of an electronic information system absent exceptional circumstances.
- Amended Rule 45 would address requests for, and production of, ESI in the context of subpoenas.
For more information on the proposed amendments, visit the Judiciary’s website. To submit comments online, click here.
Suppose an email from your company’s in-house attorney instructs you to preserve all documents relating to an ex-employee who is threatening to sue for wrongful termination. In the days before smartphones and cloud storage, this would have been a relatively limited exercise: paper documents would be set aside and files on the company server would be backed up. But work-related data can be stored in many places today, including personal devices of employees. Is a company required to preserve such data?
Costco Wholesale recently faced that issue in an employment discrimination and retaliation lawsuit. See Cotton v. Costco Wholesale Corp., 2013 WL 3819974 (D. Kan. July 24, 2013). The plaintiff asked Costco to produce text messages on the personal cell phones of two of its employees who mentioned the plaintiff or his allegations. Costco objected on the grounds that the discovery request required it to invade the privacy of its employees, and there was no indication that the employees sent inappropriate text messages or used their personal phones for work purposes. The court denied the request, determining that Costco did not have possession, custody, or control of the text messages.
Although the court in the Cotton case ruled that the employer had no duty to produce information stored on the personal devices of the employees in question, the outcome might have been different if the facts had changed even slightly. Courts in other jurisdictions might also have taken a contrary approach.
The law in this area is far from clear, but following the guidelines below will help a company address e-discovery issues in their policy on personal electronic devices. An easy way to remember the guidelines is to think of the acronym “APPS”:
- Access: Reserve the right to access personal devices that store work-related data. Access is crucial if the company is legally required to collect and produce data residing in the personal devices of an employee.
- Permission: Clearly specify what personal devices employees are authorized to use for work-related purposes, if any. Consider keeping a log of authorized personal devices and require employees to update the log whenever they start using a new authorized device or retire an existing one. Your company’s document retention policy should extend to authorized devices.
- Privacy: Notify employees that they should have no expectation of privacy to data stored on a personal device if they use the device for work purposes. This prevents the company from being liable for invasion of privacy should it need to search the contents of a personal device to respond to a discovery request.
- Segregation: If possible, segregate work-related content from personal content on personal devices. Segregation can be implemented with software solutions, but if that is not feasible, at a minimum, instruct and train employees who use a personal device for work on how to keep their personal information separate from work data stored on the device. For example, storage of work-related data in a personal cloud storage account should be prohibited.
Follow the above guidelines to avoid getting caught off-guard by e-discovery requests.
Social media can be risky business. Whether an organization embraces or ignores social media, it or its employees probably already have a presence on a social network. That simple reality can be costly for an organization without proper measures in place to deal with the risks of social media misconduct. Readers of this blog are familiar with cases where business saw their reputations marred by employees who post embarrassing photos online about work mishaps or found themselves in legal trouble for firing an employee who vented on Facebook about a co-worker.
To help organizations manage the risks of social media activity, I’m proud to introduce SM Safety, a new line of services offered by my law firm. The approach of SM Safety can be summarized in three words, each corresponding to a level of service that meets a particular need: checkup, plan, and audit.
A SM Safety Checkup is a low-cost way to ensure that an existing social media policy is legally compliant and effective.
A SM Safety Plan is for organizations who need assistance with preparing a new social media policy or enhancing an existing policy.
A SM Safety Audit is a comprehensive review of an organization’s overall presence in the social media space to identify exposure to legal risks due to social media use.
Each SM Safety service is offered for a flat fee. To learn more about SM Safety or to obtain a quote, visit the SM Safety Services page on this site.