A coffee shop in Santa Rosa. A pizza restaurant in Sonoma County. A local therapist who accepts online bookings. These aren’t the businesses you’d expect to be named in a civil rights lawsuit. But they are, and the number of cases is growing.
If you own a business and have a website that California consumers can visit, you need to understand and follow California website compliance. Maybe you’ve already engaged an attorney and are looking for help from a digital marketing company in Sonoma County, or maybe you’ve just heard about this lawsuit surge. No matter where you currently stand, here’s what you need to know about what’s happening and what you can do about it.
Key Takeaways
- California’s Unruh Civil Rights Act allows for $4,000 in statutory damages per violation for websites that fail to accommodate users with disabilities, and each visitor can potentially be a separate violation
- Data privacy laws like the CIPA, CPRA, CCPA and VPPA require businesses to post accurate policies and give consumers control over how their information is used
- Bringing a site into compliance is a multi-step process that typically takes a skilled web team and review by a legal professional for accuracy
Why are California Small Businesses Being Sued?
Businesses across Sonoma County are being hit with demand letters and lawsuits under several overlapping California laws:
- The federal Americans with Disabilities Act (ADA)
- California’s Unruh Civil Rights Act
- California Invasion of Privacy Act (CIPA)
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- Video Privacy Protection Act (VPPA)
Most cases center on website inaccessibility and data usage rights.
Financial exposure is real. Unlike the federal ADA, California’s Unruh Civil Rights Act allows for statutory damages of $4,000 per violation and data privacy violations carry their own penalties as well. Under the California Consumer Privacy Act, as updated by the California Privacy Rights Act, businesses can face fines of up to $7,000 per violation.
For a site with regular daily traffic, those numbers will add up quickly.
The businesses getting targeted aren’t major corporations. They’re small and local, places that built a website to attract customers, without realizing that going public online also meant taking on legal obligations most of them had never heard of.
Where Your Business’s Site May Be at Legal Risk
Legal exposure from your website generally falls into 2 categories: ADA accessibility and data privacy. Both carry serious financial risk for California businesses.
1. ADA and Web Accessibility
The ADA and California’s Unruh Civil Rights Act require websites to be accessible to people with disabilities, including people who use screen readers, voice navigation tools, and other assistive technology.
The accepted technical standard is the Web Content Accessibility Guidelines, known as WCAG 2.1 Level AA. That’s the benchmark plaintiff attorneys and courts reference when evaluating whether a site discriminates against users with disabilities. Common issues include missing image descriptions (called “alt text”), forms that screen readers can’t navigate, poor color contrast, and videos without captions.
Most small business owners have never checked for any of this simply because they didn’t know it was required.
2. Data Privacy Compliance
California has some of the strongest consumer data privacy laws in the U.S. The California Consumer Privacy Act (CCPA) and related legislation require businesses to inform visitors what data is being collected, how it’s used, who it’s shared with, and how consumers can opt out.
This applies to every contact form, reservation system, booking tool, and third-party plugin running on your site.
WSI Smart Marketing’s Marketing Director, Devin Halliday, addressed this directly: even when you’re using someone else’s software (a booking tool, a payment processor, a live chat widget) if it runs through your website and interacts with customer data, your business is responsible for disclosing how that data is handled.
That’s where small businesses are especially exposed. Large companies have internal development and legal teams to review these tools before they go live. Small businesses rely on off-the-shelf solutions and often have no idea what data those tools are collecting or transmitting.
How to Bring Your Website into Compliance
These are the steps WSI Smart Marketing recommends for businesses looking to address their website compliance vulnerabilities. Work through these with a qualified web professional and, where relevant, with a legal advisor.
Privacy and data protection
1. Create a legally compliant Privacy Policy page
A generic template copied from another website won’t cut it. Your Privacy Policy needs to accurately describe every tool, software, and partner that collects or handles data through your site — including any third-party booking, payment, or analytics tools.
2. Link your Privacy Policy in your website footer. The link needs to appear on every page of your site, not just the homepage.
3. Create a “Do Not Sell or Share My Personal Information” page. California law gives consumers the right to opt out of having their data sold or shared. This page satisfies that requirement. It needs to be its own standalone page, not buried inside your Privacy Policy.
4. Link “Do Not Sell or Share My Personal Information” in your footer. Like your Privacy Policy, this link needs to be sitewide and easy to find.
5. Create a Terms and Conditions page. This establishes the rules for using your site and can provide some legal protection for your business.
6. Link your Terms and Conditions in your footer.
7. Add a privacy contact method. California law gives consumers the right to reach out to a business about their personal data. Your site needs to make it clear how to do that — typically a dedicated email address or form.
8. Add a privacy acknowledgment to all forms on your site. Every contact form, booking request, newsletter signup, or intake form needs a disclosure statement informing users how their data will be used and stored.
Cookie consent
9. Add a cookie consent banner. This gives visitors the option to accept or decline data tracking before any collection begins.
10. Verify that the cookie consent banner triggers before any tracking code fires. This is where many sites that look compliant actually aren’t. If your analytics tools, advertising pixels, or other scripts load before a user makes a consent choice, you’re out of compliance, regardless of what your banner says. The technical setup matters here, not just the visual appearance. Devin Halliday made this point plainly: a lawsuit captures what’s actually happening behind the scenes on your website, not just what it looks like to a visitor.
ADA accessibility
11. Add an ADA-compliant plugin to your site. An accessibility plugin helps users with disabilities navigate your site. It needs to be a properly configured tool, not just a visual overlay that appears to offer compliance without actually providing it. More on this below.
12. Add an Accessibility Statement to your site footer. This communicates your business’s commitment to accessibility and the steps you’ve taken. WSI Smart Marketing includes an Accessibility Statement as part of its ADA Website Service.
A note on quick-fix plugins: Be careful of any product that promises instant ADA compliance through a plugin overlay. These solutions address some surface-level issues but leave deeper technical problems in place. Lawsuits examine the actual code and behavior of your website, not just what it looks like on screen.
What to Do if You’ve Already Received a Legal Letter
If a demand letter or lawsuit has already arrived, here are the steps Devin Halliday recommends:
1. Contact an Attorney Immediately
Send the letter to a lawyer who can assess whether it has merit and advise you on next steps. Don’t ignore it, don’t respond on your own, and don’t make any changes to your site until you’ve spoken with counsel.
2. Capture and Preserve Your Current Site
Before any changes are made, create a complete backup. This documentation may be relevant during the legal process.
3. Begin Remediation ASAP
Once you have legal guidance, start working on compliance. Addressing the underlying issues is the right move regardless of the outcome of the letter itself, and it protects you from further exposure.
Your Next Steps
- Get a free website compliance assessment.
- WSI Smart Marketing offers complimentary site assessments that identify vulnerabilities across both ADA accessibility and data privacy.
- Consult a legal professional if you’ve received a demand letter.
- An attorney familiar with the Unruh Civil Rights Act or ADA can tell you whether the claim has merit and what your options are.
- Don’t delay! These letters often have response windows.
- Start remediation with a qualified web team.
- Compliance involves policy pages, technical configuration, accessibility improvements, and ongoing monitoring.
- Work with someone who understands all of these layers, not just one piece of the puzzle.
Reminder: WSI Smart Marketing is a digital marketing agency, not a law firm. Nothing in this article is legal advice. If you’ve received a legal letter or believe your business may be at legal risk, consult a licensed attorney.
Keeping Your Site Compliant – WSI Smart Marketing
WSI Smart Marketing works with small businesses to identify and address website compliance vulnerabilities before they become legal problems. If you’re not sure where your site stands, a free assessment is the right first step. Our team will give you an honest, complete picture of your exposure so that you can protect your site and your business.
Reach out today and take the first step:
📞 Call: (707) 843-3714
Common Questions About California Law Website Compliance
Does every California small business website need to be ADA compliant?
If your website is publicly accessible to California consumers, it falls under ADA Title III and the Unruh Civil Rights Act. That covers most small business websites. The best way to know your specific situation is to consult with a legal professional who specializes in disability access law.
What's the difference between a cookie banner and full privacy compliance?
A cookie consent banner is one part of a larger compliance picture. It doesn’t satisfy California’s privacy requirements by itself. You also need accurate policy pages, disclosures on your forms, a “Do Not Sell” option, a privacy contact method, and the correct technical setup so no tracking code fires before a user gives consent.
Can a free ADA plugin make my site compliant?
Some plugins address certain accessibility issues, but no single plugin makes a site fully compliant. Effective ADA remediation requires a review of your site’s structure, content, forms, and code. WSI Smart Marketing’s ADA Website Service includes ongoing monthly testing and mitigation, not just an initial plugin install. Start with the free ADA site scan using our online tool to see where your site stands.
How long does it take to bring a website into compliance?
This can vary based on the complexity of your website and the contact and tracking tools in place. Once you have developed a legally compliant set of privacy and terms policies, implementing accessibility fixes, policy pages, cookie consent configuration, form disclosures, and technical verification can be completed in just a few days. It’s not a quick patch job, which is why the quality of who you work with matters.
What should I do if I've already received a legal demand letter?
Contact an attorney first. They can review the letter, assess whether it has merit, and guide you through next steps. Before making any changes to your website, capture and preserve a full backup of your site in its current state. After you have legal guidance, begin the process of bringing your site into compliance to prevent ongoing exposure.
How do I know if my site is already collecting data I don't know about?
A free ADA and compliance assessment is the fastest way to find out. WSI Smart Marketing offers complimentary site reviews that look at both accessibility and data handling. Call (707) 843-3714 or contact us online to schedule yours.
