What the Department of Justice / Rite AID settlement agreement means to developers

Settlement Agreement template with signareu
TL;DR — if you don’t pay close attention to accessibility, you are effectively committing professional malpractice.

On November 1, 2021, the Department of Justice published a settlement agreement it entered into with the nationwide pharmacy chain Rite Aid specifically concerning the inability of people with disabilities to use both Rite Aid’s COVID vaccine service web pages and portal.

It’s been almost seven years since the DoJ issued one of these agreements. Several complaints of physical accessibility have included orders to remediate websites, but this is the first time the complaint was about something 100% digital. It won’t be the last.

Here are my takeaways.

If you don’t start with accessible design, you won’t get an accessible end product.

The Whitehouse and the DOJ consider the correct accessibility standard to be WCAG 2.1 Level AA. Ignore this fact at your peril.

If you receive design comps, wireframes or functional specifications that contain inaccessible content or do not include accessibility details — REJECT THEM! If you are told, “we don’t have time for accessibility, do it anyways,” if you don’t have that in email, confirm the verbal instructions in writing.

If you are using a design system or component library, it must be accessible.

It’s almost impossible to start with an inaccessible design system/component library and end up with an accessible end product.

  • If you are using someone else’s open-source design system, make sure it is accessible. A list of accessible open-source design systems I am aware of include: Clarity (VMware), Carbon (IBM), Material (Google), Lightning (SalesForce), Spectrum (Adobe), Fluent (Microsoft), Bold (Bridge Labs), Spark (FinTech) Quickbooks (Intuit), Polaris (Shopify), USWDS (US Government), and GOV.UK. If you know of one I’ve missed, please DM it to me or add it in a comment, and I will update all my reference materials that discuss this.
  • If you are building a custom design system or component library, make sure it is accessible.

Implementing WCAG 2.1 Level AA means your designs and code *MUST* be responsive

Even if you don’t support mobile web, WCAG 2.1 Level AA compliance requires responsive behavior to support magnification. Also, native apps must support both portrait and landscape orientation. See Fact 7 in this article.

Your code doesn’t have to be perfect, but A-level bugs are not OK.

The DOJ is not asking for perfect code. They understand that bugs happen. That is recognized in clause 13(c), which begins with:

A limited number of isolated instances of noncompliance … shall not constitute a material breach of this Agreement.

“Isolated instances of noncompliance” appears to be government-speak for “bug.”

The government is saying that a website containing A-level bugs could easily be considered a material breach of the settlement agreement. A-level bugs, by definition, block people with disabilities from being able to perceive, operate, or understand chunks or even all of a web page. However, it looks like the DOJ considers a few scattered, periodic AA bugs that do not impact a person with a disabilities’ access to the website pages acceptable.

Inaccessible code ties the entire dev and product team’s hands for years when someone files a complaint.

In this settlement agreement, Rite Aid has a maximum of 15 days (sometimes only 10) to fix accessibility bugs and may not launch new code if bugs are present.

When organizations postpone dealing with known accessibility debt until someone pushes them into a dispute, that organization will completely lose control of their Software Development Life Cycle.

  1. The organization launches new features — per the terms of the settlement agreement;
  2. The organization fixes bugs — per the terms of the settlement agreement
  3. The organization does training — per the terms of the settlement agreement;
  4. The organization must invest time writing reports defined in the settlement agreement about what your organization has done and how it has done it.

If outsourced developers fail to understand these requirements, I hope your insurance is up-to-date.

  • Most contracts contain boilerplate clauses mandating that the contractor follow local, state, and federal laws.
  • The ADA is a federal law, and some states like California have even stronger accessibility laws.
  • There are at least nine different local, state, and federal laws violated when inaccessible code is deployed publicly.
  • The Department of Justice has established a clear link between inaccessibility and ADA violations.

When a company incurs costs and reputational harm over inaccessibility, frequently, they look to shift the blame to someone else. This is called a “counterclaim” in the legal world. The client may try to recoup their enormous costs of entering into and then complying with the settlement agreement from your company. Your insurance might cover it, but they might not. If the vendor is uninsured, the company will be responsible for any damages awarded.

Keep good written records of accessibility decisions.

  • Ask “do you want this to be accessible” in writing, preferably with a link to this article 🙂 If they say no, you have proof it was the client’s decision, against your recommendation.
  • If accessibility gets dropped from the MVP along the way, get a confirmation from the client in writing so you can prove it was their decision and not yours.