Although up to eighty percent of the non-compliant hardware and software resides in "legacy systems" -- aging mainframe-based systems, found mostly in larger companies, written in archaic programming languages like Fortran and Cobol -- few if any businesses are totally immune. Although financial institutions and "high technology" firms are often mentioned as obvious Year 2000 risks, many other businesses and public entities provide service to the public on a time-sensitive basis (hospitals, nursing homes, transportation companies, police and fire departments). Other businesses rely on a constant stream of time-sensitive information. Stockbrokers and insurance agents may come to mind, but the issue goes beyond financial services. For example, farmers, fishermen, airlines and resorts all rely on accurate weather forecasts anywhere from hours to months in the future. Still more firms regularly enter into contracts or other transactions that span multi-year periods crossing the 2000 boundary, or contract to provide services after January 1, 2000. Hotels book weddings and conventions years in advance. Contractors must project costs for multi-year projects. Moreover, even businesses who put their own houses in order are subject to myriad potential disruptions in January 2000 from the predicted "nuisance failures" such as HVAC systems that fail to function, trash trucks that aren't dispatched, transportation snafus that delay deliveries and make employees late for work, as well as problems generated by exchanging information with suppliers or customers whose systems haven't been made properly 2000-compliant.
Despite rapidly increasing awareness of the Millennium Bug in the business community and among the public at large, experts continue to predict that many businesses, up to half of all affected firms, will not be in full "Y2K" compliance by New Year's Eve, 1999. Estimates of the cost of the Year 2000 fix continue to escalate as well, with many projections running into the hundreds of billions of dollars exclusive of the potential legal costs of resolving Year 2000-related claims, which may exceed the cost of the fix itself.
As understanding of the potential impact of the Millennium Bug grows and a burgeoning "Year 2000 remediation" industry develops, some trends are emerging, but many important questions remain unanswered.
Tick, Tick, Tick . . . .
As the inexorable deadline approaches, market power is shifting to the providers of Year 2000 corrective services. As demand for Year 2000 services increases, the costs are rising. The estimate of the cost of correction per line of software code has risen from the 50 cents to $1 range to between $3 and $5 for those just getting started. Equally importantly, the terms of the contracts are becoming less favorable from the standpoint of the customer. Fewer and fewer service providers are willing to provide extensive warranties for their work. Ironically (or perhaps not), this is occurring as the risk that the fix will not "take" is arguably increasing, due to inadequate testing time, and overworked and understaffed Y2K remediation providers. Thus, those who have delayed are likely to find that the solution has become more expensive in more ways than one.
Let the Finger-Pointing Begin
The first of a long-anticipated multitude of Year 2000 lawsuits have been filed. Not surprisingly, these opening salvos involve glitches affecting common routine transactions. In Michigan, a grocery chain is suing the company that provided its cash register network, claiming that the cash registers are rejecting customers' credit cards with expiration dates in 2000 or thereafter.
Another case highlights the difficulties in deciding who's to blame. A manufacturer ordered chemicals from a supplier which happened to have an expiration date of May 2, 2000. The manufacturer's computers rejected the shipment and sent it back to the supplier, calculating that the product was more than 95 years out of date. The manufacturer then sued the supplier for damages from production downtime. The supplier countered that the manufacturer should have made sure its shipping and receiving department's computers could handle the century change.
Neither of these suits has come to a resolution. Indeed, it is likely that the question of who bears liability for the Year 2000 problem and the cost of its cure will not be fully answered before January 1, 2000, and certainly not before businesses must act to prevent Y2K malfunctions. Computer and software producers faced with liability claims are likely to marshal a multi-pronged defense:
Software, and much hardware, is generally sold under general disclaimers of any express or implied warranties or a limited warranty for a fixed and short time period. Purchasers of custom-designed systems under individually negotiated contracts may have a better basis for contending that they relied on the vendor's expertise and reasonably expected the system to remain functional past the millennial date.
Vendors typically disclaim liability for consequential economic damages flowing from the failure of the product to perform as anticipated, and courts have generally upheld such disclaimers.
Vendors will contend that tort liability cannot be imposed for purely economic losses in the absence of personal injury or damage to other property.
Vendors will assert that claims are barred by statutes of limitation or by statutes of repose. Makers of "legacy" systems and software are particularly likely to rely upon statutes of repose, which fix a maximum time period after sale or delivery of the product, anywhere from 5 to 12 years, after which product liability claims are barred.
Vendors will contend that their products were not defective when designed or initially sold and that the two-digit date field was state of the art, or at least represented a reasonable cost-benefit compromise, when data storage capacity was extremely scarce and expensive. Indeed, some in the computer industry are already putting forth a revisionist view of the Year 2000 debacle, asserting that users have reaped enormous benefits over the years, because the use of a two-digit field made data processing capabilities available earlier and more affordable in the early days of computing.
A Little Knowledge Is a Dangerous Thing
The Year 2000 problem has rapidly gone from an esoteric subject of discussion in "high tech" circles to being the focus of numerous stories in popular and business media, the topic of dozens of conferences and seminars, and the subject of sales pitches from thousands of entrepreneurs seeking to sell their particular brand of antidote. In large measure, this increased awareness is beneficial. However, knowledge of the problem may itself have important legal consequences:
Knowledge may affect the ability to assert a claim, because it may constitute "discovery" of an injury that starts the statute of limitations running.
Knowledge may create a defense to a claim, such as assumption of the risk.
Knowledge may affect the existence of insurance coverage. Insurance is intended to provide coverage for fortuitous losses. Losses that are known or are in progress at the time of issuance of the policy may not be covered. General liability policies typically do not cover losses that were "expected or intended." Failure to disclose Y2K-related claims or exposures in the application process may affect the validity of the policy or the availability of coverage.
Knowledge may give rise to a duty to disclose. Directors of publicly held firms must consider what disclosures need to be made in securities filings of the potential Y2K-related liabilities the company faces, the anticipated costs of Y2K remediation, and the potential impact of Year 2000 troubles on operations and income. Many analysts predict that shareholder class actions or derivative suits will be filed against public companies that suffer losses due to millennial malfunctions.
Year 2000 Preparedness Pointers
No business needs the extra burden of unnecessary legal costs on top of the already significant cost and complexity of solving the technical problems presented by the Millennium Bug. Although there is no guaranteed recipe for avoiding all Year 2000-related litigation, there are many steps that businesses can take to reduce the likelihood of unpleasant legal surprises, of which the following are a sample:
Target potential liability areas in Y2K remediation. Systems that control payroll, benefits, accounting, and employee safety are examples of key functions where failures are likely to lead to claims.
Review contracts, licenses and other agreements carefully and consider Y2K issues in drafting. Contractual provisions are one way to anticipate and allocate risk in dealing with suppliers, customers, lenders and service providers.
Loose lips sink ships. Parties seeking to affix blame will seize on acts or words that can be construed as a warranty or misrepresentation. Companies should be careful about unnecessary statements that can be taken as promises of Year 2000 functionality to investors, users or customers.
Don't assume that insurance will pick up the tab. Many types of anticipated Year 2000-related claims may not be covered under common general liability policies. Some insurers are developing policies specifically tailored to address Y2K risks. Although some of these products remain in their formative stages, it appears that Y2K coverage will usually entail some combination of a substantial deductible, limited coverage and a stringent "Year 2000 audit" as part of the application process.
While there is no magic formula to navigating the Year 2000 minefield, those who are attentive to opportunities to prevent or minimize potential liability risks and legal exposures should at least be able to count down the million minutes without spending too much time counting sheep!