Website Compliance & Risk Reduction
California's wave of website lawsuits is putting small business owners on edge. We help you find the issues on your site, prioritize the fixes, and budget the work — so you can move forward with a plan, not a panic.
California businesses are getting hit with two waves of legal action right now — ADA accessibility claims and CIPA privacy claims. Both target small business websites. Both are preventable, or at least defensible, with the right groundwork. Here's what we offer.
If you've gotten a forwarded email from your chamber, a worried message from your attorney, or — worse — an actual demand letter, you're not alone. Sonoma County businesses are seeing a noticeable uptick in two specific legal claims this year.
ADA accessibility lawsuits under Title III of the Americans with Disabilities Act, typically citing failure to meet WCAG 2.1 Level AA standards. Common targets: missing alt text, low color contrast, keyboard navigation problems, unlabeled forms, inaccessible menus and modals.
CIPA privacy claims under the California Invasion of Privacy Act, typically alleging that tracking pixels, session replay tools, chat widgets, or analytics scripts captured visitor data before the visitor consented. The plaintiff theory frames script loading as "wiretapping" or "pen register" use under §§ 631 and 638.51.
Different laws, different fixes, related root cause: standard small business website builds — at RAD and across the industry — do not include the scope of accessibility and privacy work that plaintiff firms are now using as a yardstick. They never have. Compliance-tier builds exist, but they're a different product at a different price point.
Website Compliance & Risk Reduction for Sonoma, Marin, and Napa Businesses: Stay Protected, Avoid Fines, and Keep Your Website Accessible and Secure
Request Your Website Compliance & Risk Reduction Consultation!
We offer two scoped services to help you reduce exposure on both fronts:
ADA Accessibility Audit & Remediation → WCAG 2.1 AA audit by a specialist accessibility team, followed by hands-on code-level remediation. No overlays, no widgets that promise instant compliance.
CIPA & Privacy Compliance Audit → Full inventory of your tracking, pixels, embeds, and integrations, followed by setup of proper opt-in consent, policy updates, and remediation of high-risk tools.
Each service is priced for clarity. ADA accessibility starts with a flat-fee audit, then a quote to fix the issues based on what we actually find — since fix complexity varies a lot site to site. CIPA privacy is offered as a bundled audit and setup package at a flat starting price for typical small business sites, with published adjustments for sites with extra functionality. You'll know what you're paying before any work begins.
Local Resources
The resources below are provided for informational reference only. Listing them does not constitute an endorsement, recommendation, or referral, and RAD Web Marketing has no affiliation with the organizations listed unless explicitly stated.
1. Sonoma County Bar Association — Lawyer Referral Service sonomacountybar.org/?pg=find-lawyer · (707) 546-5297 State Bar-certified referral service connecting Sonoma County residents and businesses with local attorneys experienced in relevant areas of law. A $100 intake fee covers an initial consultation.
2. California Privacy Protection Agency (CPPA) cppa.ca.gov · Consumer site: privacy.ca.gov The state agency that implements and enforces California's privacy laws (CCPA and CPRA). Useful for understanding business obligations, consumer rights, and how privacy complaints are processed in California.
3. U.S. Department of Justice — Guidance on Web Accessibility and the ADA ada.gov/resources/web-guidance The DOJ's official guidance on how the Americans with Disabilities Act applies to websites and digital content. Explains the legal framework for both businesses (Title III) and state/local government entities (Title II).
4. W3C Web Content Accessibility Guidelines (WCAG) w3.org/WAI/standards-guidelines/wcag The international technical standard for web accessibility, maintained by the World Wide Web Consortium. WCAG 2.1 Level AA is the standard most commonly cited in U.S. accessibility lawsuits and is referenced in the DOJ's 2024 Title II final rule.
If we built your website:
These services still apply as recommended, add-on services.
A fully WCAG 2.1 AA-compliant website built from the ground up is a specialized engagement that typically runs $20,000 to $30,000 or more — not because anyone is overcharging, but because the audit, design, development, and QA cycles involved are substantially more intensive than a standard build. Most small business website packages — at RAD and across the industry — do not include this scope, because pricing them that way would put a small business website out of financial reach for most owners.
Clients who need a compliant build from day one scope it as a distinct project. Clients who scope a standard build receive a standard build, which is how the industry has operated for the entire history of small business web development. If your site wasn't originally scoped as a WCAG 2.1 AA build and you now need it brought to that standard, that's the same accessibility engagement that would apply regardless of who built it. We're happy to help, often with priority scheduling for existing RAD clients.
Ready to reduce your risk?
If California's wave of website lawsuits has you worried about your site, you're not alone. We help you find out what's on your site, what to fix first, and what it'll cost — so you can address it with a clear plan and budget.
FAQs
Can an ADA or CIPA website audit prevent my business from being sued in California?
No website audit, plugin, or remediation service can guarantee that a business won't receive an ADA accessibility lawsuit or CIPA demand letter — and any vendor claiming otherwise is misrepresenting what they can deliver. What a properly scoped audit and remediation engagement does is substantially reduce risk, document that the business has taken reasonable steps to comply with WCAG 2.1 Level AA and the California Invasion of Privacy Act, and put the business in a stronger defensive position if a claim is filed. Plaintiff law firms in California typically target the lowest-hanging fruit — websites with obvious, unaddressed issues that fail automated accessibility or tracking scans. A properly audited and remediated site is far less likely to be flagged in the first place.
What is the difference between ADA and CIPA compliance, and does my California business need both?
ADA and CIPA are separate laws covering different aspects of a website. The Americans with Disabilities Act (ADA) Title III governs accessibility — whether people with disabilities can functionally use a website, measured against the WCAG 2.1 Level AA standard referenced in the Department of Justice's 2024 Title II final rule. The California Invasion of Privacy Act (CIPA) governs tracking and data collection — specifically, whether scripts like Meta Pixel, Google Analytics, session replay tools, and chat widgets capture visitor data before the visitor consents, under §§ 631 ("wiretap") and 638.51 ("pen register").
Most California businesses with public-facing websites should consider both audits, but they don't have to be done simultaneously. If you've already received a demand letter or complaint, start with whichever law it cites. If you're being proactive: sites with heavy tracking, ad pixels, session replay, or chat widgets should start with CIPA. Sites with extensive forms, modals, image-heavy content, or audiences in regulated sectors (healthcare, education, public services, nonprofits) should start with ADA.
Are small businesses in California really being sued for website ADA and CIPA violations?
Yes — small businesses are among the primary targets of California website accessibility and privacy lawsuits, often more so than larger businesses. Plaintiff law firms specifically target small and mid-sized businesses on the assumption that the cost to litigate a claim ($25,000–$100,000+ in legal fees) significantly exceeds the cost to settle (typically $5,000–$25,000), which produces fast settlements. Public-facing websites are easy to find and screen at scale using automated WCAG and tracking scans. The demand letter a small business receives is rarely personalized — it is generated from a list of websites that failed an automated scan, with the business name dropped into a template. Sonoma County and the wider Bay Area have seen a noticeable uptick in these claims in the past 12–24 months.
Are accessibility overlay widgets or free cookie consent banners enough for ADA and CIPA compliance?
No. Accessibility overlay widgets — products like accessiBe, UserWay, EqualWeb, and similar tools that float in the corner of a website offering font size and contrast controls — do not fix the underlying code, have been formally rejected by leading disability rights organizations including the National Federation of the Blind, and have been the subject of multiple ADA lawsuits. Many businesses have been sued while using an overlay, because the overlay does not address the actual WCAG failures in the site's code.
For CIPA, most free cookie consent banners run in opt-out mode by default, which means tracking scripts (Meta Pixel, Google Analytics, session replay tools, chat widgets) continue to fire before the visitor consents. Plaintiff CIPA theories under §§ 631 and 638.51 specifically target what fires before consent, so a decorative banner provides essentially no defense. Real compliance requires a consent-management platform configured in opt-in mode for California visitors, paired with code-level accessibility remediation — not bolt-on widgets.
What should I do if I receive an ADA or CIPA demand letter for my website?
Contact a qualified California attorney before contacting any remediation vendor, including a web agency. Three reasons this sequence matters:
Some demand letters are settlement bait, and an attorney can frequently resolve them for substantially less than the original demand — sometimes for the cost of legal representation alone.
Anything you say or do in response can affect your legal position, including reaching out to vendors or fixing the issues prematurely without documentation.
The correct sequence of audit, remediation, and documentation depends on what the letter actually alleges — the wrong order can weaken a defense.
Once legal counsel is engaged, a web agency can coordinate directly with your attorney on the technical remediation side. Do not ignore the letter. Do not respond to the demanding party yourself.
How often should I audit my website for ADA and CIPA compliance in California?
A full WCAG 2.1 AA accessibility audit and CIPA tracking audit should be performed at least annually, plus a lighter review any time the website undergoes a significant change — a redesign, a content overhaul, the addition of a new plugin or tracking tool (analytics, ad pixel, chat widget, session replay, third-party form integration), or a platform or CMS update that affects sitewide structure. The legal landscape itself changes continuously: WCAG criteria are updated (WCAG 2.2 was finalized in October 2023 and adds nine success criteria), CIPA plaintiff theories continue to expand (the §638.51 "pen register" theory targeting tracking pixels emerged in 2023–2024), and new tracking technologies are routinely added to marketing stacks without business owners noticing. Ongoing monitoring is the most cost-effective way to stay ahead of risk rather than react to a demand letter after it arrives.
Ready to Start a Conversation?
If you've received a demand letter, talk to a qualified attorney first — that's not us deferring, that's the correct order of operations. If you're worried about exposure but haven't received anything yet, a scoped audit is the right next step. We offer flat-fee audits for both ADA accessibility and CIPA privacy compliance, with remediation quoted from actual findings rather than packaged blindly. No overlays, no widgets that promise guaranteed protection, no products that don't actually work. Just careful technical work, documented for your records, designed to reduce your risk and put your business in a defensible position. Reach out for a no-obligation consultation to discuss which audit fits your situation — or both, if that's where you're at.