Examining website accessibility under the ADA

The Current State of Website Accessibility for Disabled Individuals – Zenyth Group CEO Daryn Harpaz

The relationship between technology and autism services has been a focus of my thinking and writing lately. It’s an urgent topic that I feel deserves attention, but it’s also led me to a broader conversation about inclusivity (or lack thereof) of technology for the larger disabled community. As our lives become increasingly enmeshed with technology—phones at our fingertips, brick and mortar retail locations rapidly disappearing, the supremacy of social media and e-commerce—the need for technology that can accommodate the disabled community is at once something that must be a priority, yet is often either left ignored by businesses or unaddressed because they lack the knowledge and ability to make their websites ADA compliant.

In search of more information about this landscape and the “state-of-play” when it comes to websites and online life generally becoming more accessible for disabled individuals, I spoke with WCAG (Website Content Accessibility Guidelines) Compliance Specialist and Founder and CEO of Zenyth Group, LLC, Daryn Harpaz. Our conversation revealed some curious information, statistics that should scare and incentivize business leaders, and insights that should give us all a better idea about the status quo informing current inclusivity efforts for disabled individuals online.

The first thing to know is that it’s impossible to have this discussion without mentioning the Americans with Disabilities Act which passed in 1990. As Daryn explained it, officially, there is no legislation holding private sector websites accountable for accessibility, as the law predated the prevalence of the internet as we use it today. However, guidelines put together by the World Wide Web Consortium have essentially been adopted as precedent, and those guidelines are confirmed by the Department of Justice. Lawsuits pursuant to accessibility compliance are being upheld by the courts, so while nothing is instantiated by law, it’s becoming a must for businesses to ensure their websites are fully accessible to the disabled community.

“Currently there’s a [accessibility] lawsuit being filed at the rate of one per hour in America. And these are lawsuits most prominently bought by the plaintiff side—a blind plaintiff who is not able to access a website using a screen reader and a keyboard,” Daryn told me. While vision impaired people (4.6% of the disabled population in America) struggling with assistive technologies online represent the majority of the lawsuits we’re seeing, guidelines cover a much wider spectrum of conditions, and so solutions need to address the same.

Individuals disabled in some way—including autistic individuals or people with epilepsy—comprise about 15% of our population in America, or 61 million people. Add to that the fact that 40% of US adults over the age of 65 have one or more disabilities (many of whom would benefit greatly from more accessible websites due to vision loss and motor functioning complexities) and the market is too large to be ignored. Yet, many businesses still aren’t addressing the issue properly.

POST WRITTEN BY Ronit Molko

Ronit Molko, Ph.D., BCBA-D, is an Autism Industry authority, speaker, and ForbesBooks author of Autism Matters.

Six Ways Technology Due Diligence Failure Can Kill Your Private Equity Investment

Six Ways Technology Due Diligence Failure Can Kill Your Private Equity Investment

No matter what market you’re in, technology is a significant element of your business. Taxi companies learned this when Uber and Lyft employed sophisticated apps to topple their industry. Prior to the emergence of those two frame-breaking enterprises, few in the taxi industry would have considered themselves in the technology business.

Even a high-touch industry, like autism services, invests significant intellectual and monetary resources into computers, databases, practice management, and other critical technology.

These systems and the people who run them are often overlooked when investors conduct due diligence before acquiring autism businesses. But they do so at considerable risk.

A 2007 study at the University of Virginia found that two-thirds of mergers and acquisitions fail to deliver their expected returns. More recent research (2016, 2017) shows this number as ranging between 50 and 85 percent. Much of this is due to poor integration of cultures and business practices. A significant piece of this is systems and technology.

In my work with private equity firms, I frequently encounter this problem. Investors acquire platform companies comprising multiple businesses that have been acquired and consolidated in a relatively short period of time. Frequently, each of the businesses within this platform is using different software for data collection, analytics and practice management. Often, it’s chaos for the employees who are charged with integrating new acquisitions into the company. Combine that with the growing failure to conduct substantial technology due diligence and what we’re left with are investors putting their investments at needless risk.

After speaking extensively with Scott Klososky of TriCorps Technologies, there are six areas of technology that investors must examine before investing in an autism business. These principles are applicable to any business, actually, but they are particularly pertinent in our field because investors often overlook the IT side of the house and focus most of their diligence efforts on reimbursement, risk and compliance, the social impact of the business, and the scalability of the clinical model.

Compromised Systems

No investor wants to purchase a company whose data has already been stolen. Consequently, it is critical to investigate the security of a target company’s data before investing. Due diligence investigations of Yahoo’s data systems saved Verizon $350 million. After discovering all three billion Yahoo email accounts had been hacked, Verizon slashed its $4.48 billion offer to cover the cost of remediation. Absent due diligence, Verizon would have paid for the email accounts and then found itself liable for the problem. Conversely, Marriott purchased Starwood and discovered a massive data breach in the reservation system that resulted in the hacking of personal data, including passport numbers, for millions of customers. Marriott failed to conduct proper due diligence during the transaction and has since incurred many millions of dollars in expenses to remedy these issues.

IT Integration

When two enterprises merge, the major concern is the integration of two distinct organizations. Most merging entities recognize the challenge of combining physical, cultural and operational systems, but often neglect or miscalculate the complexity of the required integration of IT. In my experience, the reliance on synergies and applicability of existing systems is generally overestimated; as a consequence, the cost to merge IT systems is generally underestimated. Most organizations are struggling just to integrate and optimize their own systems and would be severely challenged to assimilate a new one or to migrate the entire company to the best option available.

IT Staff Considerations

Put yourself in the shoes of your employees. An imminent merger or acquisition threatens their continued employment. Destroying documentation; changing protocols, passwords, etc.; and installing obsolescence into IT systems are just three strategies to create a level of indispensability that would protect their job or cause damage to the business once they are let go.

It’s important to remember that the overwhelming majority of people would never consider such actions. But it only takes one bad actor to wreak havoc for a company. Those closest to and with the deepest knowledge of the technology, software, systems, and processes that keep the company running smoothly are the ones with the greatest potential to do major damage. There are numerous accounts of these events in mergers and acquisitions. Companies can protect themselves: there are defense mechanisms against this kind of behavior that are the purview of IT experts.

The Leakage of Intellectual Property

Bearing in mind the same caveats about human nature, employees have been known to steal information. Not just a priority when selling the business, protecting intellectual property must be a core due diligence practice at all times. In one of my own businesses, an employee downloaded critical business information and intellectual property and used it to establish their own company, now worth a significant amount of money. During acquisition discussions, determining who is most likely to feel their job is in jeopardy can lead to defensive measures that protect intellectual property prior to completion of the purchase as well as throughout the lifespan of the business.

Social Engineering Hacks

While these sorts of attacks are an ever-present threat to businesses, smart criminals know that companies are especially vulnerable at times of sales or acquisitions and can exploit the situation to steal money. In a growing wave of cyber theft, we are seeing increasing incidents of thieves hacking into company email and sending requests for payments that go directly to an offshore account. Staff, aware that a transaction is imminent, comply with the request and suddenly large sums of money are gone. A client of mine avoided this scam only because the accounting employee questioned the CEO in person about transferring funds by wire. This is the exception that proves the rule. Oftentimes, transactions like this, that get easily flagged in the normal course of business are processed without hesitation during a sale because atypical financial transactions are commonplace during these periods.

Email Trading

The final vulnerability to look for is relevant to publicly traded companies. Before a deal is ever announced, there will be rumors circulating about the sale. More dangerously, there will be ongoing chatter between business leaders that reveals sensitive information, most especially a possible sell date.

While rare, it’s not unheard of for opportunistic employees who know their way around the company’s systems to gain access to email communications and begin monitoring leadership’s emails throughout the ensuing weeks and months to parse them for valuable details that they then use to make personally advantageous stock trades with should-be confidential insider information. Many young IT professionals have been arrested for this kind of breach.

The positive thing to keep in mind here is that these attacks are avoidable. Managers that get caught in this trap are usually using an unsecured email server like Gmail, to which some employees have full admin access. Companies in the midst of a sale or acquisition cannot afford to be naive about access to information. An added emphasis on private communication and enhanced security provisions around sale preparations can easily remedy this kind of vulnerability.

Understanding these six elements of due diligence facilitates a process of digital risk mitigation that can save investors millions of dollars and secure the viability of entities, in our industry, that provide critical services to a population in serious need.

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.