As the year 2000 looms on the horizon, dire predictions abound of a flood of costly litigation relating to the failure by companies to take steps to assure that their computer programs will recognize the new millennium. There is even a web site -- www.year2000.com -- devoted to the issue.
The so-called Year 2000 ("Y2K") Problem causes computer systems to miscalculate or fail because they are not programmed to recognize years that do not begin with "19__." Many information specialists warn of a worldwide computer "crash" of the time-sensitive computer programs used by virtually every industry, including banking and finance, insurance, utilities, air traffic control, and medicine and pharmaceuticals. With no universal software available to fix the Y2K Problem, each company must seek its own solution, a process that is not only work-intensive but also expensive. Many large corporations have budgeted hundreds of millions of dollars to address the problem. There is, however, concern that many small to mid-sized companies have not yet taken steps toward Y2K remediation, leading some information specialists to question whether the needed changes can be made and adequately tested before January 1, 2000.
A critical aspect of Y2K remediation is the potential cost of lawsuits arising from the necessity of rewriting existing programs, the acquisition and installation of replacement systems, productivity lost due to system downtime, and business interruptions caused by failing systems. Y2K compliance implicates a host of complex legal issues relating to, among other things, financial disclosure, insurance, employment, mergers and acquisitions, taxes, contracts, licensing and copyrights. A careful, forward-looking assessment of these issues is critical to avoiding or at least mitigating consequential damages for Y2K noncompliance. For example:
- A company that anticipates significant costs to fix Y2K problems or faces significant potential liability from system disruptions may be required to disclose this in its financial statements and regulatory filings. Since the IRS has not yet taken a position on how to account for the costs of Y2K remediation, this can have a significant impact on a company's bottom line.
- The question of who is responsible for making existing software Y2K compliant and bearing the consequences of not doing so requires a careful review of existing licensing, copyright and warranty issues. A company further should review its existing insurance policies to see if such policies cover the company's costs of Y2K remediation. Some insurance companies are beginning to offer additional coverage for Y2K failures and for resulting damages to third parties; others are adding exclusionary clauses for Y2K problems in their business continuation coverage.
- Parties considering acquisitions need to do proper due diligence with respect to the Y2K compliance of the company to be acquired, in order to avoid inheriting unexpected Y2K liabilities. This is particularly important because some companies may decide that is it more cost effective to divest themselves of operating assets with Y2K problems than to pay remediation costs. Sellers should be asked to warrant Y2K compliance and to indemnify purchasers against the consequences of a breach of that warranty.
- In the employment area, companies need to look ahead to determine staffing needs. Because there is a shortage of qualified people to handle Y2K compliance, issues relating to employment contracts and protection of trade secrets must be considered carefully.
The time for addressing Y2K problems may be running short. Some experts believe that if compliance plans are not in place in early 1998, the price of solving the problem will increase dramatically because of the unavailability of qualified technical staff and consultants. All companies, no matter what their size, should, if they have not already done so, undertake a thorough inventory of their computer hardware and software. Source codes must be analyzed for all date references. Once the complexity of the required changes is determined, the cost of the conversion project can be estimated and a remediation plan developed. Remediation strategies should be based on the importance of applications and their impact on customers, with a view to preserving causes of action against vendors and others while mitigating potential liability to third parties for system delays or failures. In the end, however, analyzing the problem is only half the task. Actually correcting the system and, most importantly, testing the corrected system are the best safeguards against technical, management and legal difficulties.