Covington Internet of Things Update: Promise and Peril — IoT and Your Insurance

Two hundred billion IoT devices could be in use by 2020, according to one estimate cited in the World Economic Forum’s recent report, Mitigating Risk in the Innovation Economy.  This rapid integration of the digital world and the physical world presents unprecedented opportunities for businesses in a wide array of industries.  But it also creates unprecedented risks.  Despite ongoing efforts to create security standards for IoT devices — for example, the National Institute of Standards and Technology’s recent draft paper to this end — the security of such devices currently remains wanting.  With the cyber and physical worlds so closely intertwined, future hacking incidents may threaten not only electronic data, but also property and lives.

Policyholders adopting IoT and related technologies may face uncertainty over coverage for these so-called “cyber-physical” harms under commonly available insurance policy forms.  Most cyber insurance policies have expressly excluded coverage for bodily injury and property damage, while standard-form general liability and property policies may have exclusions that some insurers invoke to dispute coverage for cyber-related harms.  In recent years, however, new insurance policies and endorsements have emerged to address this coverage uncertainty by giving policyholders options for explicit coverage for physical damage from cyber attacks.

As policyholders adopt technology that links their physical systems to digital components, they should consider what potential real-world harms could result from their cyber-networked things — and whether their existing lines of insurance cover them.  Such policyholders may conclude that it is time to explore the newer insurance products specifically geared towards cyber-physical risks.  Even these purpose-built policies and endorsements call for careful scrutiny and potential negotiation, however, because they are not standardized. Not only do policy wordings vary, but so do individual policyholders’ risk exposures. For example, a policyholder that may be an especially attractive target for state-sponsored hacking may need to pay particular attention to the wording of exclusions such as the common “war” and “terrorism” exclusions.  Guidance from experienced coverage counsel and sophisticated insurance brokers is useful, if not essential, for those exploring this relatively novel territory.

States Battle to Resurrect Net Neutrality Rules

On December 14, 2017, the Federal Communications Commission (“FCC”) voted along party lines to adopt a 210-page Declaratory Ruling, Report and Order, and Order (the “Restoring Internet Freedom Order” or “Order”) geared towards overhauling the net neutrality framework established during the Obama administration in 2015 (the “2015 Order”).  On February 22nd, the Order was officially published in the Federal Register — kicking off the period for filing of court challenges to the FCC’s decision and for efforts by Democrats in Congress to signal dissent through passing a resolution of disapproval under the Congressional Review Act.

Against the backdrop of these actions at the federal level, for the past few months several states have taken matters into their own hands and begun proposing their own ways to restore the 2015 Order’s net neutrality rules within their borders.  Such efforts, even if successful at the state level, will likely be met in the courts by the Restoring Internet Freedom Order’s explicit statement that the Order preempts all “inconsistent state and local regulations.” 

Governors from Montana, New York, New Jersey, Hawaii, and Vermont, for example, have issued executive orders that condition Internet Service Provider (ISP) contracts with state agencies on adherence to net neutrality principles.  Other state legislative proposals would implement similar requirements for internet-related state contracts. 

In addition, several state lawmakers have introduced legislation that would implement net neutrality principles at the state level.  A proposed bill in California (SB-460), for example, would prohibit providers from blocking lawful content (with exceptions for reasonable network management), impairing or degrading lawful traffic, engaging in paid prioritization, or using marketing tactics that are misleading with respect to treatment of internet traffic.  Other state proposals would create additional network management reporting requirements (e.g., Idaho’s HB-425), require disclosure of paid prioritization policies and agreements (e.g., New Jersey’s A-5257), and channel penalties for noncompliance with net neutrality principles towards funds for municipal broadband projects (e.g., West Virginia’s SB-396).  As of the date of this posting, two state legislative proposals, California’s SB-460 and Washington’s HB-2282, have already passed in one state legislative house and advanced to the other for consideration.     

Some states have also turned to the courts as a way to reinstate the original 2015 Order.  As soon as the Order was published in the Federal Register, New York Attorney General Eric Schneiderman announced that he and 22 other state attorneys general filed a petition for review of the Order in the U.S. Court of Appeals for the D.C. Circuit, arguing that the FCC’s repeal of the previous Order’s net neutrality rules was “arbitrary, capricious, and an abuse of discretion” within the meaning of the Administrative Procedure Act.  Other litigants have 10 days from the date the Order was published in the Federal Register to file similar petitions for review in order to be included in a court lottery that will consolidate the challenges.  Trade associations representing both large and small Internet Service Providers and other supporters of the Order are also expected to file in defense of the FCC’s decision.

Meanwhile, a number of municipal jurisdictions are signaling their intent to move forward with plans to provide public broadband on their own terms.  In San Francisco, for example, officials are preparing for a Request for Proposals “to design, build, finance, operate, and maintain Citywide Fiber” infrastructure that, among other things, will require ISP applicants to adhere to certain principles, including net neutrality.    

In short, the debate on net neutrality continues on many fronts — at the federal, state, and local levels, and before courts, legislatures, agencies, and elsewhere.  While the ultimate outcome is uncertain, it is clear that 2018 will see significant activity around the issue of net neutrality.      

 

Covington Internet of Things Update: Latest NIST Draft Report a Call to Action for Federal Agencies and Private Companies

Inflection Point for IoT

In a relatively short amount of time, the adoption of the Internet of Things (IoT) and its applications— from smart cars to the myriad of interconnected sensors in the General Service Administration building reminiscent of HAL 9000 from 2001: A Space Odyssey— has rapidly proliferated, providing significant opportunities and benefits. However, the increased ubiquity of IoT comes with heightened risks to security, privacy and physical safety and without a standardized set of cybersecurity requirements, many IoT devices and systems are vulnerable to attack. Earlier this month, the National Institute of Standards and Technology (NIST) (through the Interagency International Cybersecurity Standardization Working Group (IICS WG)) released a draft report to help both federal agencies and private companies plan and develop cybersecurity standards in their use and production of IoT components, products, systems and services. The draft report stresses the importance of coordination across the private and public sectors in developing standards to bolster the security and resilience of IoT, provides a snapshot of current international cybersecurity standards, and offers recommendations for gap-filling.

Mind the Gap           

The draft report uses five market areas of IoT application (Connected Vehicles, Consumer IoT, Health IoT & Medical Devices, Smart Buildings and Smart Manufacturing) to provide a synopsis on the current state of play for international cybersecurity standards along the following core areas:

  • Cryptographic Techniques
  • Cyber Incident Management
  • Hardware Assurance
  • Identity and Access Management
  • Information Security Management Systems
  • IT System Security Evaluation
  • Network Security
  • Security Automation and Continuous Monitoring
  • Software Assurance
  • Supply Chain Risk Management
  • System Security Engineering

While there are at least some established standards in most of these core areas, a few areas currently lack standards (namely, IT System Security Evaluation, Network Security and System Security Engineering). Indeed, even where standards have been established, consistent implementation across the five market areas are either lagging or nonexistent. For example, although some Hardware Assurance standards exist for the Connected Vehicles and Health IoT market areas, implementation has been lagging, while the same standards have yet to be implemented in the Consumer IoT, Smart Building and Smart Manufacturing market areas. This inconsistency in standards and adoption is explained by the draft report as a function of the traditional prioritization of cybersecurity in networks. Typically, cybersecurity focuses on confidentiality, integrity, and availability (in that order), but when an organization develops standards for IoT technologies, it’s important to consider how the IoT components interact with the physical world as well as each other when prioritizing; accordingly, cybersecurity for an IoT device may be ordered differently depending on the use case.  For example, Hardware Assurance is likely the most important issue for a medical device such as a pacemaker while Identity and Access Management are likely paramount for Smart Buildings.

A New Standard of Care?

So why should private companies care about this draft report?  NIST is a part of the Department of Commerce and unlike other standards bodies that are dependent on licensing revenues for funding, NIST’s work is effectively in the public domain. Some NIST standards (such as FIPS) become requirements for federal agencies and their contactors, particularly in the absence of clearly identified alternatives (the Department of Defense, for example, imposes the security controls found in NIST publication 800-171 on its contractors). Therefore, suppliers and contractors to government agencies will often be required to evaluate themselves against NIST standards in the absence of industry accepted alternatives.

Further, to the extent that NIST finalizes this report and establishes that there are approved cybersecurity standards that are characterized as mature, manufacturers and users of IoT devices may face an argument that following those standards is a standard of care to which they must adhere.  In a typical common-law context, the standard of care is determined by asking what a reasonable and prudent person would do in the same circumstance.  To be imposed as a standard of care, however, the cybersecurity standard also must have reasonable acceptance in the relevant community and impose a specific duty on a person or company.  Though the NIST report does not yet represent such a standard, NIST’s view is persuasive to some sectors and available for companies without cost.  Companies working in the US may want to consider the positions in this report in their planning sequences, perhaps to leverage the final version as a self-assessment tool to identify gaps and/or to confirm that certain named standards are not relevant to their organizations.  Given that NIST is seeking feedback from the public, there is an opportunity for private companies to have meaningful input in the final version of this report.

The Clock is Ticking

At a time when the application of IoT is experiencing rapid growth across industries, NIST states that it hopes the report will inform and enable managers, policymakers, and Standards Developing Organizations as they seek to develop a holistic cybersecurity framework focused on security and resiliency. Although the benefits of IoT are significant, the draft report acknowledges that “the timely availability of international cybersecurity standards is a dynamic and critical component for the cybersecurity and resilience of all information and communications systems and supporting infrastructures.”  Failing to establish effective standards could have significant consequences on current products and on how future products are developed.

Public comments to the draft report are being accepted until April 18, 2018 and can be submitted to NIST at NISTIR-8200@nist.gov using the comment template available at https://csrc.nist.gov/publications/detail/nistir/8200/draft.

Covington Internet of Things Update: China’s regulatory environment steps up for Low-Power WAN IoT deployment

In 2017, the Ministry of Industry and Information Technology (MIIT), China’s telecom regulator and industrial policy maker, issued the Circular on Comprehensively Advancing the Construction and Development of Mobile Internet of Things (NB-IoT) (MIIT Circular [2017] No. 351, the “Circular”), which sets out the policy goals and plans for NB-IoT development in China and concrete steps in achieving them. NB-IoT is a form of Low-Power WAN (LPWAN) technology dependent on basic telecom carriers’ cellular networks using licensed frequencies.

Highlighting the advantages of mobile IoT (NB-IoT), namely, wide coverage, large amount of connections and low power consumption, the Circular stresses the importance of stepping up the construction of NB-IoT infrastructure, development of related applications, advancing the deployment of NB-IoT networks, and general promotion of innovation in this area in China.

To achieve these policy goals, the Circular calls for strengthening of R&D with regard to the NB-IoT standards, expedited local implementation of 3GPP’s NB-IoT standard and early completion of the upstream and downstream value chain for the domestic NB-IoT industry, including chips, modules, network equipment, applications products and service platforms. In particular, the Circular envisioned that basic telecom carriers in China, i.e., China Mobile, China Unicom and China Telecom, would expedite the already in progress large-scale deployment of the NB-IoT network and build up access capacities; specifically, by the end of 2017, the network would cover major Chinese cities with 400 thousand base stations and 20 million connections throughout China. By the end of 2020, it is envisioned that the NB-IoT network could cover all of China with in-depth coverage for applications such as indoors, transportation networks, underground pipes and so on, with the number of base stations reaching as many as 1.5 million and more than 600 million connections throughout China.

The Circular further encourages the applications of NB-IoT in the following areas:

  • Public services in smart cities: including smart meters for public utilities such as water, power, gas, heating, smart parking management, environmental protection monitoring, etc.
  • Household use and consumption: including smart home appliances, wearable devices, home care, pet tracking, etc.
  • Industrial manufacturing: including the monitoring and control of the manufacturing process, use in the logistics, agriculture, and other sectors.

The Circular also provided regulatory support for the application of NB-IoT in terms of allocation of operating frequencies and coordination of NB-IoT’s network requirements with that of 3G, 4G, and future 5G systems, optimized number and code allocation, enhanced information security safeguards, establishment of industrial alliance and public service platforms, etc.

Developments to date – NB-IoT rollout across China

So far, NB-IoT has gained significant momentum in its deployment in China, particularly, in the innovative technology sectors. For example, the applications of NB-IoT in shared bicycles and smart hardware are particularly encouraged due to the in-depth as well as wide coverage and low power consumption of the technology. Two of China’s leading bike-sharing apps, Mobike and Ofo, have applied the technology in their bikes’ smart locks and to expand their bike deployment. For example, as of October 2017, there were more than 5,000 Ofo shared bikes up and running in Beijing with NB-IoT smart locks. Notably, unlike some other technologies, wireless signals of NB-IoT can reach much lower depths of underground parking, and base stations can cover dozens of kilometers. Once a battery is installed, it can last up to several years.

In recent months, companies in various positions in the LPWAN value chain have also invested heavily in R&D, hardware and platform building. For example, China Mobile, one of the three national telecom carriers, announced an invitation to tender for the procurement of a design and construction service for cellular IoT’s wireless and core network equipment, the construction costs of which are estimated to be in the region of RMB 39.5 billion (approximately US$ 62 billion). The company is also planning to procure 1.11 million antennas for its NB-IoT network during the 2017-2018 period. In 2017, China Telecom also upgraded 310 thousand base stations nationwide to render them compatible with NB-IoT.

Other forms of LPWAN: LoRa and Sigfox also making progress in China

NB-IoT is not the only form of LPWAN technology making an appearance in China; other major complementary or sometimes competing LPWAN technologies such as LoRa and Sigfox share some of its advantages but are different in other respects.

  • For example, LoRa, a propriety LPWAN technology backed by the LoRa Alliance, is not dependent on the basic telecom carrier’s cellular network. Instead it uses unlicensed radio frequencies, which can be constructed to form a private network. This technology has already been used in electrical power metering by power companies nationwide in China. As of December 13, 2017, the MIIT had been soliciting public comments on the draft Technical Requirements for Micro-power Short-Range Radio Transmission Devices (the deadline was January 15, 2018), which may regulate the range of radio frequencies used by LoRa and potentially impact the future development of LoRa in China.
  • Sigfox, another proprietary LPWAN technology running over a public network in the 868 MHz or 902 MHz bands, was previously absent from the Chinese market. However, on January 9, 2018, in the presence of Chinese President Xi Jinping and visiting French President Emmanuel Macron, Sigfox signed a strategic agreement with local partners and the municipal government of Chengdu, a city in China’s western region to begin Sigfox’s trial deployment. This will firstly be done in Chengdu, specifically applied in the context of care for senior citizens, followed by possible further deployment in 20 other Chinese cities.

As China’s regulatory environment for LPWAN matures, a significant surge in the application of diverse IoT technologies in the country is expected, not least in the context of China placing itself as one of the leaders in the IoT space. In light of the business opportunities arising out of IoT development globally, companies should be mindful of the regulatory rules’ impact on their businesses. Covington’s Asian team across three offices in Beijing, Shanghai and Seoul has significant, feet-on-the-ground experience helping clients navigate new regulations. It is also well positioned to address clients’ needs in the IoT sphere, including in relation to their participation in industrial, innovation and competition policy making, legislation and standard-setting, market entries for cross-border investment, IoT related intellectual property rights transactions and dispute resolution, as well as competition, cyber-security and privacy issues. We will continue tracking and advising on local IoT developments and report on the news and insights in the area on a frequent basis.

FCC: Bitcoin Mining Equipment is Causing Interference to T-Mobile in Brooklyn

Yesterday, the Federal Communications Commission sent a letter to an individual in Brooklyn, New York, alleging that a device in the individual’s residence that is being used to mine Bitcoin is generating spurious radiofrequency emissions, causing interference to a portion of T-Mobile’s mobile telephone and broadband network.

The letter states that on November 30, 2017, FCC agents investigated complaints of interference by T-Mobile and determined that it was being caused by an Antminer 5s Bitcoin Miner device. The letter states that the determination was specific to this particular device, and is not meant to suggest or find that all Antminer s5 devices cause unlawful interference. As a consequence, the letter does not suggest that all Bitcoin mining devices raise regulatory concerns.

Nevertheless, the letter is an important reminder that while consumer electronics products such as the Antminer s5 do not require an FCC license to operate, they emit radiofrequency energy and therefore must operate within certain parameters to avoid causing harmful interference to other devices or networks.

Covington Internet of Things Update: Off to the races – How will policy shape autonomous vehicles tech in 2018?

At the start of 2018, we find ourselves in the midst of an autonomous vehicles revolution.  In the private sector, leading, and some nascent, autonomous mobility innovators have forged ahead with a surge of investment.  Last year, The Brookings Institution found that during a snapshot between 2014 and 2017, more than 160 investments worth more than $80 billion went toward the auto electronics, microchips, sensors, artificial intelligence and deep learning, digital mapping, ridesharing, physical systems, and other software needed to power autonomous mobility.

Some of the transactions were large (e.g., GM acquired Cruise Automation for $1 billion); many others registered relatively smaller blips on the radar (e.g., NVIDIA’s $5.25 million investment in Optimus Ride, or Ford’s $6.6 million investment in Civil Maps).  But the volume — and the acceleration of investment beginning in 2016 — speaks to a general dynamism in the autonomous mobility space.

Indeed, the race to become the first jurisdiction to have autonomous vehicles on the road is becoming an increasing priority for governments globally, particularly within the United States, Europe and Asia.  A recent study from KPMG has ranked 20 countries on their readiness for autonomous vehicles.  The United States and European countries ranked among the highest with the U.S. at third place, and the Netherlands in first.  Although Singapore ranked second, other Asian countries didn’t rank quite as highly; South Korea tenth, Japan eleventh, and China sixteenth.

U.S. Developments

The federal government has been moving ahead apace in the new year.  Autonomous vehicles are the subject of bipartisan legislation on Capitol Hill, where both the House (SELF-DRIVE Act) and the Senate (AV START Act) have developed (and, in the case of the House bill, passed) legislation that would allow innovators to seek exemptions from state and federal regulations that might ordinarily hamper the acceleration of new car design and technology deployments.  The Senate bill is still under consideration and its author is making an effort to respond to concerns that Democratic members have raised about safety.

Perhaps more immediately relevant to stakeholders in the autonomous mobility sector is a recent set of requests for comment issued by the federal Department of Transportation (DOT) — the dockets for which remain open until early March.  On January 10th, DOT announced requests for information and comments from the Federal Highway Administration (FHWA), the Federal Transit Administration (FTA), and the National Highway Traffic Safety Administration (NHTSA).  FHWA seeks information on the integration of automated driving systems (ADS) into the highway transportation system; FTA seeks comments on transit bus automation technology (and potential areas of future research) and on removing barriers to transit bus automation; and NHTSA seeks comment on removing regulatory barriers for automated vehicles.  These requests for comment and information provide an opportunity for the private sector to influence the shape of the autonomous mobility landscape for years to come.

European developments

As highlighted by the KPMG study, the autonomous vehicle landscape in Europe is equally showing a bright future, and the race between Member States and European automotive companies to be the first the get driverless cars on the road is rife.

To ensure Europe remains competitive in this area the European Commission has been active with the development of various funding initiatives and working groups.  In November 2016, the Commission published a strategy on Cooperative Intelligent Transport Systems (C-ITS) which examines possible legislative developments in this area.  A public consultation on the specifications for C-ITS closed on January 12, 2018, with the results currently pending.

Legislative developments at Member State level have also been important in ensuring this race remains competitive.  For example, as of July 2017 in Sweden, the Road Transportation Authority has been able to authorize permits to allow companies to trial autonomous vehicles on Swedish roads.  Last year the Netherlands approved a bill which allows the testing of autonomous vehicles without a driver, and the UK’s chancellor announced in his 2017 autumn budget plans for new legislation which will allow self-driving cars on UK public roads without a driver behind the wheel by 2021.

Developments in China

The Chinese government is also in the process of developing rules of the road for autonomous vehicles.  Notable examples include local road testing rules promulgated late last year in Beijing (Guiding Opinions on Accelerating Work Relating to Autonomous Vehicle Road Testing in Beijing (Trial)) (Dec. 15, 2017), as well as the forthcoming local rules expected to be announced soon in other cities.  These local rules allow autonomous vehicle companies to apply for permits to conduct road testing and set out basic guidelines for eligibility and liability standards.

Also, multiple initiatives are underway at the national level.  For example, the Ministry of Industry and Information Technology (MIIT) is in the process of drafting trial regulations for road testing of intelligent vehicles that will, among other things, “regulate road test applications, verification management, [and] accident liability allocation.”  This work complements an earlier commitment to equipping more than 50% of new vehicles by 2020 with driver assistance systems, partial automation systems, or conditional automation, and 10% of new vehicles with Internet-connected driving assistance systems in China’s Medium- to Long-Term Development Plan for the Automobile Industry. (Apr. 6, 2017).

Notwithstanding the Chinese acceleration of autonomous vehicle deployments and regulations, private sector stakeholders — especially foreign-owned companies — may still face significant challenges.  Chinese restrictions on foreign companies’ participation in the surveying and mapping sector, and requirements to localize mapping data  present key regulatory hurdles.

The landscape for autonomous mobility is taking shape, with an increasing need for partnership between governments, regulators, and industry.  The UK, for example, recently announced its HumanDrive initiative in which Highways England have teamed up with academic institutions and companies such as Nissan, Hitachi and Renault to develop an autonomous car prototype which will conduct a 200-mile journey in December 2019.  Last week, urban autonomous mobility took a leap forward when Airbus Group’s A^3 division staged a full-scale flight test of its autonomous vertical takeoff and landing (VTOL) Vahan aircraft.   In recent days we’ve seen some of the reverberations of an industry bursting at the seams, with Baidu significantly updating its open-source autonomous driving platform, Apollo, and a coalition of thought leaders in autonomous mobility coming together around a set of shared mobility principles.

Stay tuned here for further developments at the intersection of autonomous mobility, technology, regulation, law, and policy.

Covington Internet of Things Update: Voice Technologies, Meet the EU E-Privacy Regulation

This post was originally published on the Covington InsidePrivacy blog on January 19, 2018.

On January 12, the International Consumer Electronics Show (CES) in Las Vegas closed its doors for another year.  Each CES raises a new set of technology themes, ranging from robots to smart fridges — and this year, the winner was voice technologies.  Such technologies, while not entirely new, are now becoming mainstream:  sales of smart speakers like Amazon’s Echo more than tripled in 2017, and it is now estimated that one in six Americans own a smart speaker.  It is always difficult to predict the future, but voice enabled cars, home appliances, and other devices are all either on the way or already on the market, and the potential for voice interfaces to become new “platforms” — supporting third party services just like smartphones supported apps — is now clear to us all.

On the other side of the Atlantic, however, policymakers are going in another direction.  The European Union’s Council, made up of representatives of the 28 EU Member State governments, has been hard at work negotiating its preferred version of the next EU privacy law beyond the General Data Protection Regulation, known as the E-Privacy Regulation (EPR).  Just as the GDPR is built upon a predecessor law, the Data Protection Directive, so too is the EPR envisaged as an update to an existing law, the E-Privacy Directive.

The EPR is still a draft, and subject to further revision.  However, many of its key features are already largely clear.  One of the main purposes of the EPR is to “level the playing field” between traditional (e.g., copper, fibre, mobile and satellite -based) telecommunications providers and new upstart technology providers (for example, those offering instant messaging or VoIP communication services), so that all market players are bound by the same privacy rules.  In practice, this likely means that rules previously limiting how telecommunications companies can use certain types of communication data will be expanded to cover a much greater range of technology provider.  As a result, many technology providers previously outside the scope of the legacy E-Privacy Directive may well find themselves regulated by the EPR.

Where the EPR applies, it is likely to significantly limit how voice communications data can be used.

  • The EPR proposes a broad prohibition on the processing of electronic communications data in Article 5, except for use by end-users of communication systems, or where otherwise permitted in the EPR.
  • The EPR then sets out grounds for processing in Article 6.  These grounds are far more limited, however, than the array of options provided for in Article 6 of the GDPR.  For example, the legitimate interest grounds; the grounds of processing that is necessary for performance of a contract; and even the grounds of processing where necessary for the vital interests of an individual, are all absent.  Instead, in many cases, the only grounds available to providers to process voice communications will be consent — of either one end-user, or, in some cases, both.  Even where consent applies, additional requirements — such as prior consultation with a data protection authority — may also apply.
  • The EPR also sets out strict limits on the retention of electronic communications data in Article 7 (although deletion of covered data does not appear to be required where grounds under Article 6 continue to apply).

The upshot is that the EPR may, if adopted as drafted, set out significant limits on the ability of providers to collect and/or use electronic communications data — including many voice communications — for purposes such as product research, design, refinement, and development.  Providers, hard at work generating new products and features, should look up and take note.

Accessibility In The Workplace: What Businesses Need To Know: Part 4

By Fredericka Argent, Hannah Edmonds-Camara and Brandon H. Johnson

This is the final instalment in our series looking at accessibility in the workplace. Part 1 looked at the importance of deploying accessible IT in order to benefit employees and businesses. Part 2 examined national equality laws requiring businesses to make “reasonable accommodations” for employees in the workplace. In part 3, we set out how industry standards are playing an increasingly important role in helping organizations demonstrate compliance with accessibility requirements.

In this final instalment, we look at practical steps businesses can take to improve their accessibility credentials.

Practical steps

In light of the increasing importance of ensuring workplace accessibility and diversity, both as good business practice and in order to meet legal obligations, it is advisable that enterprises start pushing accessibility higher up the agenda. Companies can kickstart this process by reviewing their policies on workplace inclusion, procurement of IT and accessibility in the recruitment process.

Continue Reading

Accessibility In The Workplace: What Businesses Need To Know: Part 3

By Fredericka Argent, Hannah Edmonds-Camara and Brandon H. Johnson

Part 1 of our accessibility series explored the importance of businesses deploying accessible IT to recruit and retain employees with a view to reducing job polarization and inequality. Part 2 described how national equality laws are imposing affirmative obligations on businesses to make “reasonable accommodations” in the workplace for employees with disabilities — which may include ensuring that IT devices and services are enabled with accessibility functions.

This third instalment in our series looks deeper into the compliance landscape, at global rules and standards in the U.S., EU and beyond. Although many of these standards currently apply to public sector entities, rather than private entities, we expect this to change as technology transforms the nature of the workplace — not only within back offices and factories, but also on the front-line for customer-facing operations, in sectors such as the hospitality industry and retail.

Continue Reading

Accessibility In The Workplace: What Businesses Need To Know: Part 2

By Fredericka Argent, Hannah Edmonds-Camara and Brandon H. Johnson

As we noted in Part 1 of our series, there are strong business incentives to invest in accessible IT in order to recruit and retain employees with disabilities. However, aside from the business imperatives for ensuring workplace accessibility, businesses should also consider the compliance landscape — especially national equality laws. These too argue in favor of deploying accessible IT.

The compliance landscape

In many jurisdictions, equality laws place affirmative obligations on private companies, as employers, to protect their employees from discrimination on the grounds of a disability. Equality laws (and their equivalent, anti-discrimination laws) expect employers to make “reasonable accommodations” or “reasonable adjustments” in the workplace for employees with disabilities.

Continue Reading

LexBlog