
Website Accessibility for Privacy Policies – California Consumer Privacy Act Regulations

Image Credit: Gordon Johnson from Pixabay

On October 10, the California Attorney General released proposed guidelines to implement the California Consumer Privacy Act (CCPA), which goes into effect in January 2020. One of the provisions that surprised many was a new requirement that privacy notices given to consumers “[b]e accessible to consumers with disabilities” and “[a]t a minimum, provide information on how a consumer with a disability may access the notice in an alternative format.” [Note: the AG’s regulations are not final, and interested parties may submit comments about them before December 6, 2019 at a series of public hearings, by mail, or by email.]

The requirement to provide the privacy notice in a format that is accessible to people with disabilities is consistent with recent trends towards website compliance with the Americans with Disabilities Act (ADA). Whether out of a desire to advance equity or to comply with the spirit or letter of accessibility laws, we see more businesses and website operators making earnest attempts to make their websites accessible to the broadest audience possible.

Unfortunately, the AG did not provide very much guidance on how businesses could make their privacy notice or websites more accessible. Luckily, several organizations doing work in this area, including the W3 Web Accessibility Initiative, Stanford Online Accessibility Program and Berkeley WebAccess, have put resources online for designers, developers and content creators.

While not exhaustive, the following is a list of fairly straightforward best practices distilled from other lists that businesses and website operators can implement to make their websites accessible to people with disabilities:

1. Use headings correctly to organize the structure of your content
2. Pay attention to color contrast
3. Images should include alternate text in the markup/code; complex images should have more extensive descriptions near the image
4. Provide transcripts for podcasts
5. Websites with videos should provide visual access to the audio information through in-sync captioning
6. Sites should consider using skiplinks

Millions of internet users have special needs, disabilities and impairments that make certain websites difficult or impossible to access and use. By designing your website with these challenges in mind, you can ensure that it is welcoming to as many users as possible.


Cybersecurity Ignorance is No Excuse for Tax Professionals

Image Credit: Pete Linforth from Pixabay

Co-authored with Lily Li and Kenny Kang. Mr. Kang is a Certified Public Accountant (CPA), Chartered Global Management Accountant (CGMA), and Certified Fraud Examiner (CFE) with a wealth of experience in public accounting and industry.

CPAs and other tax professionals collect their clients’ crown jewels: sensitive financial data. This makes them prime targets for cybercriminals. For hackers looking to make a quick buck, or engage in more sophisticated identity theft and tax fraud schemes, tax professionals are a treasure trove of social security numbers, tax ID numbers, bank account numbers, confidential agreements, and other personally identifiable information. Consequently, 3-5 tax practitioners get hacked each week, according to a 2017 webcast by the IRS criminal investigations unit – a number that has likely increased over the last couple of years.

In July 2019, the IRS released its own statistics relating to identity theft:

IRS Individual Filing Article “Identity Theft Information for Tax Professionals”

[Page Last Reviewed or Updated: 24-Jul-2019]

An estimated 91 percent of all data breaches and cyberattacks begin with a spear phishing email that targets an individual. The criminal poses as a trusted source, perhaps IRS e-Services, a tax software company or a cloud-storage provider, or the criminal poses as a potential client or professional colleague. The objective is to get the tax professional to open a link or PDF attachment. This allows the thief to steal passwords or download malware that tracks keystrokes or gives the thief control of your computer. 

The IRS has taken notice of the rise in cyberattacks against tax practitioners. For this year’s PTIN renewal season, the IRS has revised Form W-12, IRS Paid Preparer Tax Identification Number (PTIN) (Rev. October 2019) by adding Line 11, which includes a mandatory checkbox for tax preparers, requiring them to confirm their awareness of their data security responsibilities. Line 11, Data Security Responsibilities, states:

 As a paid tax return preparer, I am aware of my legal obligation to have a data security plan and to provide data and system security protections for all taxpayer information.  Check the box to confirm you are aware of this responsibility.

This affirmative checkbox applies to licensed tax attorneys, CPAs, enrolled agents, enrolled actuaries, enrolled retirement plan agents, state regulated tax return preparers, and certifying acceptance agents, and it should not come as a surprise to tax professionals.


Women in Cybersecurity – Metaverse Law Interviews Malia Mason

Image Credit: Pete Linforth from Pixabay

Metaverse Law recently interviewed Malia Mason, co-founder and president of the Southern California Chapter of Women in CyberSecurity, Navy veteran, and business owner. A transcript of the conversation is available below:

Lily Li: Women make up only 15% of today’s cyber security workforce.  Today, I have brought my good friend, Malia Mason, who’s trying to get that number to 50%.  Malia, thanks for joining me today and talking a little bit about women in the cyber security and tech community.  To get started, can you let us know a little bit about how you got involved in cybersecurity? 

Malia Mason: Yeah, so, my career in cybersecurity actually began in the military when I was in the Navy years ago. I served active duty for four years and worked to secure our nation’s secrets. When I got out of the military, that’s when I wanted to continue to help secure data and decided to get into the cybersecurity realm and I’ve worked as a consultant for a few years and actually, this year, just founded my own small cybersecurity consulting firm called Integrum. We’re working to help secure small businesses, especially in nonprofits. 

Lily Li: Another thing that you’re very involved with is women in cybersecurity. So, tell us a little bit about what that organization does and what’s been happening lately in that space. 

Malia Mason: Yes, so, Women in CyberSecurity is a national nonprofit that was founded in 2012 and I am actually the co-founder and president of the Women in CyberSecurity SoCal chapter. We boast over a hundred members so far and we have a chapter as well in San Diego and our launch event actually brought over 50 attendees, both women and allies, and it was great to see the community come together and we’re hosting a big Cyber Career Day on October 19th, which should be really, really fun and try to help more people get into this industry, especially women.


California Attorney General Releases Proposed CCPA Regulations

Image Credit: 3D Animation Production Company from Pixabay

California Attorney General Xavier Becerra unveiled highly awaited regulations on October 10, 2019 to enforce the California Consumer Privacy Act, a sweeping new privacy law set to take effect on January 1, 2020.

The text of the CCPA proposed regulation is available here. As a few highlights, the proposed regulation:

  • Defines “categories of sources” and “categories of third parties” to include consumer data resellers, among other types of entities. This shows the Attorney General’s increased scrutiny on data brokers.
  • Requires privacy notices to “[b]e accessible to consumers with disabilities” and “[a]t a minimum, provide information on how a consumer with a disability may access the notice in an alternative format.” This is consistent with recent trends towards ADA website compliance.
  • Requires businesses to either (1) notify consumers of the sale of their data, if they collected the data from third party sources, or (2) confirm or receive signed attestations from the source describing how they provided a notice of collection.
  • Requires greater offline rights to notice and opt-outs of sale, for businesses that substantially interact with consumers offline.
  • Contemplates a button or logo opt-out in a modified version of the regulation.
  • Recognizes the security risks of providing specific pieces of information in response to a request, with requirements around verification of identity and security of transmission.

Individuals and businesses interested in shaping the final CCPA regulations can attend public hearings or send comments by mail or email to the following:

  • Email: PrivacyRegulations@doj.ca.gov
  • Privacy Regulations Coordinator
    California Office of the Attorney General
    300 South Spring Street, First Floor
    Los Angeles, CA 90013

The public hearing dates and locations are as follows:

| Public Hearing Dates | Locations |
| --- | --- |
| Sacramento, December 2, 2019, 10:00 a.m. | CalEPA Building, Coastal Room, 2nd Floor, 1001 I Street, Sacramento, CA 95814 |
| Los Angeles, December 3, 2019, 10:00 a.m. | Ronald Reagan Building, Auditorium, 1st Floor, 300 S. Spring Street, Los Angeles, CA 90013 |
| San Francisco, December 4, 2019, 10:00 a.m. | Milton Marks Conference Center, Lower Level, 455 Golden Gate Ave., San Francisco, CA 94102 |
| Fresno, December 5, 2019, 10:00 a.m. | Fresno Hugh Burns Building, Assembly Room #1036, 2550 Mariposa Mall, Fresno, CA 93721 |

More information about the public hearings and proposed CCPA regulation is available on the Attorney General’s CCPA website.