The regulations IT needs to follow are now more extensive and onerous than at any other time in the history of commercial data processing. Strictures like Sarbanes-Oxley or the Data Protection Act are well-known by all CIOs. But even regulations that do not seem immediately problematic for IT cannot be ignored. Lobbyists have for some time been predicting aggressive action against organisations whose websites fail to meet accessibility standards, which – at least in the eyes of the law – means they could fall foul of the UK’s Disability Discrimination Act.
This is something of a paper tiger, as there have actually been no prosecutions under the regulations. However, a recent US case proves that this issue has not gone away. Target – the equivalent of the UK’s Currys, a well-known, high street electronics chain – has been mightily embarrassed by just such a charge. America’s National Federation for the Blind has won a successful class-action suit against Target for alleged shortcomings of its website for people with sight problems.
Well, can you blame them? An accessibility website carries this example of what a partially sighted person can expect to hear if they try and negotiate the site: “Steve landed on the Dyson vacuum cleaner button and the synthetic voice says, ‘link GP browse dot html reference zero six zero six one eight nine six three eight one eight zero seven two nine seven three five twelve million nine hundred and fifty seven thousand, one hundred and twenty one.”
If you thought that accessibility had died as an issue, think again. In fact, things could start getting worse in this field. Enthusiasts for all things Web 2.0 – or social networking, as it’s also known – are in danger of creating any number of exciting mash-up style interactive websites that disabled people have no hope of using. “I see a lot of people getting very excited about building the ‘new thing’ on the internet – but not taking accessibility into account,” warns Canadian accessibility expert and author, Derek Featherstone. So if your organisation’s definition of compliance stops with the handling of straightforward financial information, then you are probably missing a trick – especially if team members are pushing social networking particularly strongly. You spotted the deliberate mistake, of course. Who said that compliant handling of financial information was straightforward?
This is another lesson about what a moving target compliance really is and how CIOs need to keep it on their radar. It turns out that all that the Sarbanes-Oxley legislation meant to keep US companies on their toes, has become so onerous that US legislators are being pressed to soften the rules.
Whether they will listen remains to be seen but perhaps they will take it seriously when the trickle of US firms that prefer to float on London’s AIM rather than Wall Street at the moment becomes a flood because of the Sarbanes-Oxley overhead. The possible acquisition by Nasdaq of the London Stock Exchange only further confuses the issues. This may be bad news for the software companies that have been using the spectre of compliance as a way to get enterprise customers to buy yet more IT. However, it would probably be welcome news to those CIOs in the real world who have seen far too much development budget swallowed up dealing with the paranoia of US fiscal authorities. After all, according to a study by consultants Booz Allen Hamilton, just 13 per cent of all the value destroyed by US firms from 1993 to 2003, including Enron, was the result of failure of regulatory compliance or board oversight. The rest – 87 per cent – was caused by strategic or operational error. That said compliance has joined death and taxes as structural factors in the CIOs’ lot.