®
InfoJur.ccj.ufsc.br
The Year 2000 Bug: Legal Issues
By: J. Fraser Mann and Alan M. Gahtan
[Extract from Information & Technology Law, Volume
2, No. 1, September 1997]
Nature and Scope of the Problem
Many older computer systems and software programs contain
a bug which may surface on January 1, 2000. The so-called Millennium 2000
Bug or Y2K problem is due to the use of two digits rather than four to
represent the year in dates. The Y2K problem had its origin over thirty
years ago when memory for computer systems was expensive and programmers
utilized techniques to save space. Using two digits instead of four to
store the year provided space saving especially in databases containing
multiple records.
Such systems cannot correctly process date information
after the year 1999. A date in the year 2000 may be interpreted by such
systems as occurring in the year 1900. Applications which track future
dates such as term deposits, insurance renewals and docketing software,
may have already experienced the impact of the problem.
Date errors which will arise upon the commencement of
the year 2000 may cause systems which are not compliant to produce incorrect
results, delete data or shut down. The problem is not restricted to what
is typically regarded as computing devices but may affect all types of
appliances and equipment having computerized components that are dependent
on dates. These may include elevators, HVAC systems, manufacturing systems,
financial systems, security systems and even automobiles.
The problem may even affect computer systems that are
themselves compliant due to the linkages between systems. A system designed
to operate correctly after the Year 2000 may still acquire incorrect data
from other systems. In addition, organizations whose systems are fully
compliant may encounter problems because they are dependent on suppliers
who experience disruptions due to lack of compliance of their systems.
Fixing the Y2K Defect
Fixing the Y2K problem has been projected to cost up to U.S.
$600 billion. Many large corporations are each expecting to spend tens
or even hundreds of millions of dollars to analyze their systems and make
any required changes.
The year 2000 problem is compounded by the long lead time
usually required to analyse the problem and carry out the necessary conversion
and testing. This is due to the size and complexity of many computer systems.
Government agencies and other organizations with a long acquisition cycle
may be at a further disadvantage. Some organizations are acknowledging
that insufficient time is remaining to correct all systems in time and
are instead focusing their efforts on the correction only of their key
systems.
Many companies are implementing projects to address their
internal exposure to Y2K problems. Prudent organizations are advised to
consider comprehensive audits to assess their vulnerability to liability
claims and an assessment of possible recourse against existing suppliers.
Another recommended step is to write to suppliers and ask them to certify
that their products are or will be year 2000 compliant and to outline the
action that they are taking to ensure such compliance.
Legal Issues
We have outlined below some of the key legal issues to be
considered as part of a comprehensive review by any organization of the
year 2000 compliance of its own systems and those of its suppliers or other
organizations with which it deals:
-
Contracts: Most types of computer products are acquired
pursuant to written contracts. Many such products are also subject to support
agreements which require the supplier to correct bugs or deficiencies in
the product. The responsibility of a supplier to correct a product that
is not year 2000 compliant may depend on the obligations and warranties
contained in such contracts. Implied warranties or conditions of merchantability
and fitness for a particular purpose may also be applicable. However, suppliers'
responsibilities and liability may be limited by disclaimers, limitations
on liability and by any applicable statute of limitations.
For instance, some contracts may contain a provision that
limits the customer's remedy to correction of a problem. A clause that
excludes liability for consequential damages may preclude recovery of many
types of costs that may be incurred due to Y2K problems. Some contracts
may also limit total liability to an amount paid by the customer under
the contract or during a specific time period.
Companies who seek to deal with Y2K problems in their
existing systems by acquiring new products should also ensure that the
relevant contracts applicable to those acquisitions contain appropriate
Y2K warranties.
-
Customers who execute new support contracts or are reviewing
existing agreements should ensure that such contracts contain appropriate
warranties and obligations, and that the customer has the right to extend
such contracts past the year 2000.
-
Copyright Infringement: Many companies have commenced
projects to modify existing software to make it year 2000 compliant. The
software may have been developed internally and the organization may own
all rights to such software. However, in the case of software that is owned
by another party, the organization may have acquired the software pursuant
to a limited software license without the right to make modifications.
Software licenses that permit the licensee to make modifications may permit
such modifications to be made only by employees of the licensee and may
prohibit disclosure of the software or the making of modifications by other
parties. If an organization utilizes the services of a contractor to assist
with year 2000 conversion initiatives in respect of software that is licensed
pursuant to such restrictions, then a breach of the license agreement will
occur.
-
Insurance: Insurance policies should be reviewed to
determine if they cover the cost of correcting Y2K problems. Coverage for
failures and liability to third parties for Y2K problems should also be
reviewed. Insurance policies do not generally provide explicit coverage
for Y2K problems, but the problems may fall within general provisions of
certain types of policies. However, exclusions for Y2K problems may begin
appearing in new policies as insurance companies become more aware of the
risks. Some insurance companies have already commenced seeking information
from their policy holders as to their exposure to the year 2000 problem.
-
Employment Issues: As the year 2000 approaches, many
categories of computer programmers, already in heavy demand, will become
more difficult to recruit. The difficulty in obtaining the expertise and
skill required to deal with the problem may lead to disputes because of
the hiring away of programmers by competitors. Increased use of bonuses
is likely. A peak in demand for programmers may also require flexibility
in employment arrangements and compensation schemes to allow downward adjustments
to market levels after the peak.
-
Legal Obligations of Disclosure: Companies that reasonably
expect to incur significant costs to make their systems year 2000 compliant,
or that face potential liability from system failures, may be required
to disclose such information in financial statements and filings with regulatory
authorities. Failure to disclose information about losses which are known
or which can be determined based on due diligence may subject the organization
and its officers and directors to fines or other liability.
-
Mergers and Acquisitions: Some companies may decide
to deal with their Y2K problems by putting problem product lines or even
an entire division up for sale. A party contemplating an acquisition should
deal with this issue as part of its due diligence and should incorporate
appropriate Y2K-related representations and warranties into the acquisition
agreement. Vendors of products or a business with Y2K problems that are
or should have been known and who do not disclose such problems to a purchaser
may find themselves defending claims based on non-disclosure.
-
Financings: A similar due diligence review, and use
of appropriate representations and warranties, should also be considered
as part of any major financing. To the extent that a company seeking financing
may be exposed to significant legal liability or business interruption,
and corresponding loss of value, due to a year 2000 problem, an investor
will wish to obtain a proper assessment of that risk before investing in
the company.
-
Outsourcing: Another alternative considered by some
companies to deal with their Y2K problems is to outsource their information
technology operations to an external supplier. Whether such a supplier
is responsible for correcting Y2K problems in software or systems transferred
as part of the outsourcing transaction is not clear and may depend on factors
similar to those relevant to support and maintenance agreements. Parties
entering into new outsourcing transactions are advised to deal with the
Y2K issue openly and to document their respective responsibilities. Customers
entering into outsourcing agreements should ensure that they have a right
to keep the contract in force past the year 2000.
The foregoing is not necessarily an exhaustive list of the
legal issues that arise from the year 2000 problem. Companies involved
in any significant transaction of the kind referred to above or who may
have concerns about this problem should contact their legal advisors.