Tag Archives: zaroski

Will Your Website Get You Sued?

Plaintiffs’ attorneys have discovered a new, rich litigation vein to exploit, potentially yielding a treasure of targets to sue. Using Title III of the Americans with Disabilities Act (ADA) and applying it to a modern societal institution (the internet) that was not in existence or contemplated when that law was enacted, lawyers may have hit pay dirt again by claiming that websites are not accessible to the disabled.

Title III of the ADA requires places that are open to the public to not discriminate against individuals due to their disability or otherwise deny them “the full and equal enjoyment of the goods, services, facilities, privileges, advantages or accommodations of any place of public accommodation.” These rules apply to any company that permits “entry” by the public. Although traditionally Title III of the ADA has been applied to physical structures, recent cases have raised issues as to whether these rules may apply to websites, as well.

To date, the case law addressing these issues is very limited and has been mixed. Case law from the Seventh Circuit has applied the ADA to websites, and the First, Second and Eleventh Circuits have applied the ADA beyond physical structures, providing ground for plaintiffs to argue that the ADA can extend to a virtual space such as websites. Meanwhile, the Third, Fifth and Ninth Circuits have applied the ADA provisions to physical locations only.

See also: Broad Array of Roles for Disability Coverage  

The Department of Justice, which is responsible for interpreting and enforcing Title III of the ADA, says that Title III does apply to websites. However, in typical government fashion, the DOJ has delayed releasing its “accessibility” guidelines for webpages, with an anticipated release date in 2018.

While the regulations and laws on website accessibility may be unclear, a few law firms are nonetheless sending out demand letters targeting specific industry sectors nationwide (for example, private universities and real estate brokerage firms) and demanding compliance with onerous website standards. The letters ask the recipient to hire the plaintiff’s law firm (or their preferred vendor) to help reach an “acceptable level” of compliance. In addition, several national retailers, including Patagonia, Ace Hardware, Aeropostale and Bed Bath & Beyond have been named in lawsuits regarding accessibility to their sites. According to Bloomberg’s BNA reports, 45 of these type of lawsuits were launched in 2015. That number is expected to increase substantially in 2016.

With the law so unclear on this topic, how should businesses navigate these murky waters? First, if you receive one of these demand letters, you should consider contacting an attorney and should avoid engaging in discussions with the plaintiff or their law firm without representation. Then, along with your attorney and an IT representative (in-house or a vendor), develop a strategy to bring your webpage into accessibility compliance. Although there is no “one-size fits all” approach to move toward compliance, depending on what is on your website, businesses can consider providing audible text on each webpage and providing audible captions for pictures. Ultimately, to play it safe you may want to take all reasonable steps to improve navigation and access on your website.

See also: New Products and Combined Approaches

Takeaway

Lawsuits related to website accessibility could likely be next cash cow for plaintiffs’ attorneys. As the early case law on this issue is so mixed, there is little guidance as to who has to be compliant and what exactly compliance would look like. Until the DOJ gets around to issuing guidelines (assuming they provide much guidance), businesses should consider reviewing their websites and documenting reasonable efforts to make the sites accessible to the disabled. Further, companies should consider purchasing a robust employment practices liability (EPL) policy with broad third-party coverage that can potentially pick up the defense of claims related to website access claims.

This article was co-written by Marty Heller.

Demystifying “The Dark Web”

We often hear reference to the “deep” or “dark” web. What exactly is the deep or dark web? Is it as illicit and scary as it is portrayed in the media?

This article will provide a brief overview and explanation of different parts of the web and will discuss why you just might want to go there.

THE SURFACE WEB

The surface web or “Clearnet” is the part of the web that you are most familiar with. Information that passes through the surface web is not encrypted, and users’ movements can be tracked. The surface web is accessed by search engines like Google, Bing or Yahoo. These search engines rely on pages that contain links to find and identify content. Search engine companies were developed so that they can quickly index millions of web pages in a short time and to provide an easy way to find content on the web. However, because these search engines only search links, tons of content is being missed. For example, when a local newspaper publishes an article on its homepage, that article can likely be reached via a surface web search engine like Yahoo. However, days later when the article is no longer featured on the homepage, the article might be moved into the site’s archive format and, therefore, would not be reachable via the Yahoo search engine. The only way to reach the article would be through the search box on the local paper’s web page. At that time, the article has left the surface web and has entered the deep web. Let’s go there now…

THE DEEP WEB

The deep web is a subset of the Internet and is not indexed by the major search engines. Because the information is not indexed, you have to visit those web addresses directly and then search through their content. Deep web content can be found almost anytime you do a search directly in a website — for example, government databases and libraries contain huge amounts of deep web data. Why does the deep web exist? Simply because the Internet is too large for search engines to cover completely. Experts estimate that the deep web is 400 to 500 times the size of the surface web, accounting for more than 90% of the internet. Now let’s go deeper…

THE DARK WEB

The dark web or “darknet” is a subset of the deep web. The dark web refers to any web page that has been concealed because it has no inbound links, and it cannot be found by users or search engines unless you know the exact address. The dark web is used when you want to control access to a site or need privacy, or often because you are doing something illegal. Virtual private networks (VPNs) are examples of dark web sites that are hidden from public access unless you know the web address and have the correct log-in credentials.

One of the most common ways to access the dark web is through the Tor network. The Tor network can only be accessed with a special web browser, called the Tor browser. Tor stands for “ The onion router” and is referred to as “Onionland.” This “onion routing” was developed in the mid-1990s by a mathematician and computer scientists at the U.S. Naval Research Laboratory with the purpose of protecting U.S. intelligence communications online. This routing encrypts web traffic in layers and bounces it through random computers around the world. Each “bounce” encrypts the data before passing the data on to its next hop in the network. This prevents even those who control one of those computers in the chain from matching the traffic’s origin with its destination. Each server only moves that data to another server, preserving the anonymity of the sender.

Because of the anonymity associated with the Tor network and dark web, this portion of the Internet is most widely known for its illicit activities, and that is why the dark web has such a bad reputation (you might recall the infamous dark web site, Silk Road, an online marketplace and drug bazaar on the dark web). It is true that on the dark web you can buy things such as guns, drugs, pharmaceuticals, child porn, credit cards, medical identities and copyrighted materials. You can hire hackers to steal competitors’ secrets, launch a DDOS (distributed denial of service) attack on a rival, or hack your ex-girlfriend’s Facebook account. However, the dark web accounts for only about .01% of the web.

Some would say that the dark web has a bad rap, as not everything on the dark web is quite so “dark,” nefarious or illegal. Some communities that reside on the dark web are simply pro-privacy or anti-establishment. They want to function anonymously, without oversight, judgment or censorship. There are many legitimate uses for the dark web. People operating within closed, totalitarian societies can use the dark web to communicate with the outside world. Individuals can use the dark web news sites to obtain uncensored new stories from around the world or to connect to sites blocked by their local Internet providers or surface search engines. Sites are used by human rights groups and journalists to share information that could otherwise be tracked. The dark net allows users to publish web sites without the fear that the location of the site will be revealed (think political dissidents). Individuals also use the dark web for socially sensitive communications, such as chat rooms and web forums for sensitive political or personal topics.

Takeaway

Don’t be afraid – dive deeper!

Download the Tor browser at www.torproject.org and access the deep/dark web information you have been missing. Everything you do in the browser goes through the Tor network and doesn’t need any setup or configuration from you. That said, because your data goes through several relays, it can be slow, so you might experience a more sluggish Internet than usual. However, preserving your privacy might be worth the wait. If you are sick of mobile apps that are tracking you and sharing your information with advertisers, storing your search history, or figuring out your interests to serve you targeted ads, give the Tor browser a try.

Ransomware: Your Money or Your Data!

Your client, ABC Corp. is going about its business and then gets this message:

police

The above is a typical ransomware message, according to a recent Symantec Security Response report. What’s next? Pay the “ransom” and move on? Ransomware is a type of malware or malicious software that is designed to block access to a computer or computer system until a sum of money is paid. After executing ransomware, cyber criminals will lock down a specific computer or an entire system and then demand a ransom to unlock the system or release the data. This type of cyber crime is becoming more and more common for two reasons:

1. Cyber criminals are become increasingly organized and well-funded.

2. A novice hacker can easily purchase ransomware on the black market.

According to the FBI, this type of cyber crime is increasingly targeting companies and government agencies, as well as individuals. The most common way that criminals execute their evil mission is by sending attachments to an individual or various personnel at a company. The busy executive opens the file, sees nothing and continues with his work day. However, once the file has been opened, the malware has been executed, and Pandora has been unleashed from the box!

Now that the malware has been unleashed, a hacker can take over the company’s computer system or decide to steal or lock up key information. The criminals then make a “ransom”demand on the company. The ransom is usually requested in bitcoins, a digital currency also referred to as crypto-currency that is not backed by any bank or government but can be used on the Internet to trade for goods or services worldwide. One bitcoin is worth about $298 at the moment. Surprisingly, the amounts are generally not exorbitant (sometimes as nominal as $500 to $5,000 dollars). The company then has the choice to pay the sum or to hire a forensics expert to attempt to unlock the system.

The best way companies can attempt to guard against such cyber crime attacks is by educating employees on the prevalence and purpose of malware and the danger of opening suspicious attachments. Employees should be advised not to click on unfamiliar attachments and to advise IT in the event they have opened something that they suspect could have contained malware. Organizations should also consider backing up their data OFF the main network so that, if critical data is held hostage, they have a way to access most of what was kidnapped. Best practices also dictate that company systems (as well as individual personal devices) be patched and updated as soon as upgrades are available.

Finally, in the event you are a victim of a ransom attack, you would need to evaluate it constitutes a data breach incident. If the data hijacked is encrypted, notification is likely not necessary (as the data would be unreadable by the hacker). However, if the data was not encrypted, or you cannot prove to the authorities that it was, notification to clients or individuals is likely necessary.

Takeaway

Cyber extortion is more prevalent than most people realize because such events are not generally publicly reported. To protect against this risk, we recommend that companies employ best practices with respect to cyber security and that they consider purchasing a well-tailored cyber policy that contains cyber extortion coverage. Such coverage would provide assistance in the event a cyber extortion threat is made against the company, as well as finance the ransom amount in the event a payment is made.

When Are Background Checks Not Allowed?

The Equal Employment Opportunity Commission (EEOC) has been quite active in challenging employers’ use of criminal background and credit history checks during hiring. There is still significant uncertainty as to the current standards and law about the checks of criminal and credit history. The lack solid guidance makes it difficult for employers to determine how to evaluate their current use of this information, as well as to understand the legal pitfalls and hurdles that the EEOC has placed in front of them.

EEOC Directives

The recent activity emanates from the EEOC’s recent directive and key priority (as per its December 2012 Strategic Enforcement Plan (SEP)) to eliminate hiring barriers. This priority includes challenges to policies and practices that exclude applicants based on criminal history or credit check. The EEOC has a keen interest in this area, as it believes that criminal/credit checks have a disparate impact on African American and Hispanic applicants. As the EEOC pursues the directive, expect the EEOC to scrutinize failure-to-hire claims where a criminal history or background check was conducted. Even if the background check was “facially neutral” and was uniformly given to all applicants, the EEOC may investigate to determine if the check had a “discriminatory effect” on certain applicant(s).

The EEOC asserts that criminal background checks must be “job-related” and “consistent with business necessity.” Employers are advised to consider: (1) the nature and gravity of the offense or conduct; (2) the time that has passed since the offense, conduct or completion of the sentence; and (3) the nature of the job held or sought. The EEOC stresses the need for an “individualized assessment” before excluding an applicant based on a criminal or credit record.

Local/State/Federal Laws

Employers face additional legal hurdles regarding hiring practices because of recent local and state legislative developments. These laws are commonly referred to as “ban the box” (i.e., restrictions on the use of criminal history in hiring and employment decisions). Making matters even more difficult, employers have also been subject to a surge in class action litigation under the Fair Credit Reporting Act (FCRA). The FCRA regulates the use of and gathering of criminal histories through third-party consumer reporting agencies with respect to conducting background checks on applicants or employees.

Legal Actions

In pursuit of its directive, the EEOC has filed several large-scale lawsuits against employers. We expect that the EEOC will continue to file similar lawsuits throughout 2015 and beyond. Most have been brought as failure-to-hire claims. For example, an African-American woman brought a claim alleging that she was discriminated against based on her credit history. This claim started out as a single plaintiff action, but, after the EEOC conducted its initial investigation, the EEOC dramatically expanded the scope of the initial charge, alleging that the employer was engaging in a “pattern and practice of unlawful discrimination” against: (1) African-American applicants by using poor credit history as a hiring criterion and (2) African-American, Hispanic and white male applicants by using criminal history as a hiring criterion.

Reasonable employers complain that the EEOC has placed employers in a Catch 22. Employers have to choose between ignoring criminal history and credit background, exposing themselves to potential liability for criminal and fraudulent acts committed by employees or to an EEOC lawsuit for having used this information in a discriminatory way.

Takeaway for Employers

Claims involving criminal background checks and credit checks are an EEOC priority. At this time, employers have little guidance from the courts or the EEOC as to exactly what “job-related” and “consistent with business necessity” mean and just how closely a past criminal conviction has to correspond with the duties of a particular job for an employer to legally deny employment to an applicant. Moreover, employers continue to witness expanding restrictions dealing with criminal history at the state and local level based on ban-the-box legislation, as well as with an increasing number of class action lawsuits involving background checks as required under the Fair Credit Reporting Act.

Employers are encouraged to work closely with legal counsel as to what they should and should not ask on applicants as well as how and when they can use background information they obtain. Based on this evolving area of the law, we additionally recommend that employers purchase a robust EPL policy that will defend them in the event that the EEOC or a well-skilled plaintiff’s counsel pursues a claim against them for discrimination, or for failure to hire based on criminal or credit background checks.

How Strict Can a Dress Code Be?

Does your company have a “look” or standard of dress it requires in the workplace? No hats, or maybe no beards? Can you deviate from the dress code?

Increasingly, employees and applicants for employment are making “failure to accommodate” claims on the grounds that they were discriminated against based on their need for a change or exception to a workplace grooming or dress policy. Examples of religious discrimination or failure to accommodate can include: not hiring the applicant because she doesn’t fit the company’s “look” or placing an employee in a non-customer-facing position because of religious attire or grooming (e.g., long beard, piercings, head scarf ).

The law

Title VII of the Civil Rights Act of 1964 (“Title VII”), 42 U.S.C. § 2000e, et. seq., as amended, prohibits employers with at least 15 employees from discriminating in employment hiring, recruitment, promotion, benefits, training, job duties, termination or any other aspect of employment on the basis of religion. It also prohibits retaliation for complaining of religious discrimination or for participating in the investigation of such claims, and for denying reasonable accommodations, including accommodations for religious attire or grooming standards. It is the EEOC’s position that an employer is required to reasonably accommodate an employee’s religious beliefs or practices, unless doing so would cause more than a minimal burden on the operations of the employer’s business.

Title VII only provides protection to sincerely held religious beliefs and practices about dress code. These protections are broadly interpreted and cover not only traditional religious beliefs but also those that are new and uncommon. If an employee merely makes such a request for accommodation based on personal preference rather than religious belief, there are no Title VII protections or implications. However, the requirement that employers and their management learn to distinguish between these two types of requests can be daunting and dangerous in light of the litigious society we live in.

Recent case

In February 2015, the United States Supreme Court heard arguments in a case filed against Abercrombie & Fitch, where a Muslim applicant was rejected after wearing a head scarf (known as a hijab) to an interview, based on the hiring manager’s belief that such covering violated the company’s rigid “look” policy, which forbids caps and hats. The applicant never asked for an accommodation, and the employer never opened a dialog as to whether a reasonable accommodation to the dress code would be necessary. Once a ruling is issued, we hope the Supreme Court will provide guidance as to when an employer has any obligation to open dialog about religious accommodation without the employee or applicant making such a request.

Takeaway

To ensure compliance with the law, employers must be informed and vigilant when applying workplace uniform, “look” or grooming policies, particularly as they apply to employees or applicants in need of a religious accommodation. Management or hiring decision makers should be trained on how to implement religious accommodation requests, specifically, learning to identify and understand religious clothing accommodation requests and how to properly engage in such discussion. When in doubt as to the proper handling of a religious clothing accommodation, we suggest that you contact a labor and employment lawyer before making employment decisions. Your attorney can also help identify potential pitfalls in uniform, look or other clothing policies. Further, a well-designed employment practices liability (EPL) insurance policy should be purchased to mitigate potentially costly financial damage, should you be faced with a discrimination suit based on religious dress or grooming.