The Year 2000 Bug: Legal Issues

By: J. Fraser Mann and Alan M. Gahtan

[Extract from Information & Technology Law, Volume 2, No. 1, September 1997]

Nature and Scope of the Problem

Many older computer systems and software programs contain a bug which may surface on January 1, 2000. The so-called Millennium 2000 Bug or Y2K problem is due to the use of two digits rather than four to represent the year in dates. The Y2K problem had its origin over thirty years ago when memory for computer systems was expensive and programmers utilized techniques to save space. Using two digits instead of four to store the year provided space saving especially in databases containing multiple records.

Such systems cannot correctly process date information after the year 1999. A date in the year 2000 may be interpreted by such systems as occurring in the year 1900. Applications which track future dates such as term deposits, insurance renewals and docketing software, may have already experienced the impact of the problem.

Date errors which will arise upon the commencement of the year 2000 may cause systems which are not compliant to produce incorrect results, delete data or shut down. The problem is not restricted to what is typically regarded as computing devices but may affect all types of appliances and equipment having computerized components that are dependent on dates. These may include elevators, HVAC systems, manufacturing systems, financial systems, security systems and even automobiles.

The problem may even affect computer systems that are themselves compliant due to the linkages between systems. A system designed to operate correctly after the Year 2000 may still acquire incorrect data from other systems. In addition, organizations whose systems are fully compliant may encounter problems because they are dependent on suppliers who experience disruptions due to lack of compliance of their systems.

Fixing the Y2K Defect

Fixing the Y2K problem has been projected to cost up to U.S. $600 billion. Many large corporations are each expecting to spend tens or even hundreds of millions of dollars to analyze their systems and make any required changes.

The year 2000 problem is compounded by the long lead time usually required to analyse the problem and carry out the necessary conversion and testing. This is due to the size and complexity of many computer systems. Government agencies and other organizations with a long acquisition cycle may be at a further disadvantage. Some organizations are acknowledging that insufficient time is remaining to correct all systems in time and are instead focusing their efforts on the correction only of their key systems.

Many companies are implementing projects to address their internal exposure to Y2K problems. Prudent organizations are advised to consider comprehensive audits to assess their vulnerability to liability claims and an assessment of possible recourse against existing suppliers. Another recommended step is to write to suppliers and ask them to certify that their products are or will be year 2000 compliant and to outline the action that they are taking to ensure such compliance.

Legal Issues

We have outlined below some of the key legal issues to be considered as part of a comprehensive review by any organization of the year 2000 compliance of its own systems and those of its suppliers or other organizations with which it deals:

1. Contracts: Most types of computer products are acquired pursuant to written contracts. Many such products are also subject to support agreements which require the supplier to correct bugs or deficiencies in the product. The responsibility of a supplier to correct a product that is not year 2000 compliant may depend on the obligations and warranties contained in such contracts. Implied warranties or conditions of merchantability and fitness for a particular purpose may also be applicable. However, suppliers' responsibilities and liability may be limited by disclaimers, limitations on liability and by any applicable statute of limitations.
   
   For instance, some contracts may contain a provision that limits the customer's remedy to correction of a problem. A clause that excludes liability for consequential damages may preclude recovery of many types of costs that may be incurred due to Y2K problems. Some contracts may also limit total liability to an amount paid by the customer under the contract or during a specific time period.
   
   Companies who seek to deal with Y2K problems in their existing systems by acquiring new products should also ensure that the relevant contracts applicable to those acquisitions contain appropriate Y2K warranties.
   
2. Customers who execute new support contracts or are reviewing existing agreements should ensure that such contracts contain appropriate warranties and obligations, and that the customer has the right to extend such contracts past the year 2000.
   
3. Copyright Infringement: Many companies have commenced projects to modify existing software to make it year 2000 compliant. The software may have been developed internally and the organization may own all rights to such software. However, in the case of software that is owned by another party, the organization may have acquired the software pursuant to a limited software license without the right to make modifications. Software licenses that permit the licensee to make modifications may permit such modifications to be made only by employees of the licensee and may prohibit disclosure of the software or the making of modifications by other parties. If an organization utilizes the services of a contractor to assist with year 2000 conversion initiatives in respect of software that is licensed pursuant to such restrictions, then a breach of the license agreement will occur.
   
4. Insurance: Insurance policies should be reviewed to determine if they cover the cost of correcting Y2K problems. Coverage for failures and liability to third parties for Y2K problems should also be reviewed. Insurance policies do not generally provide explicit coverage for Y2K problems, but the problems may fall within general provisions of certain types of policies. However, exclusions for Y2K problems may begin appearing in new policies as insurance companies become more aware of the risks. Some insurance companies have already commenced seeking information from their policy holders as to their exposure to the year 2000 problem.
   
5. Employment Issues: As the year 2000 approaches, many categories of computer programmers, already in heavy demand, will become more difficult to recruit. The difficulty in obtaining the expertise and skill required to deal with the problem may lead to disputes because of the hiring away of programmers by competitors. Increased use of bonuses is likely. A peak in demand for programmers may also require flexibility in employment arrangements and compensation schemes to allow downward adjustments to market levels after the peak.
   
6. Legal Obligations of Disclosure: Companies that reasonably expect to incur significant costs to make their systems year 2000 compliant, or that face potential liability from system failures, may be required to disclose such information in financial statements and filings with regulatory authorities. Failure to disclose information about losses which are known or which can be determined based on due diligence may subject the organization and its officers and directors to fines or other liability.
   
7. Mergers and Acquisitions: Some companies may decide to deal with their Y2K problems by putting problem product lines or even an entire division up for sale. A party contemplating an acquisition should deal with this issue as part of its due diligence and should incorporate appropriate Y2K-related representations and warranties into the acquisition agreement. Vendors of products or a business with Y2K problems that are or should have been known and who do not disclose such problems to a purchaser may find themselves defending claims based on non-disclosure.
   
8. Financings: A similar due diligence review, and use of appropriate representations and warranties, should also be considered as part of any major financing. To the extent that a company seeking financing may be exposed to significant legal liability or business interruption, and corresponding loss of value, due to a year 2000 problem, an investor will wish to obtain a proper assessment of that risk before investing in the company.
   
9. Outsourcing: Another alternative considered by some companies to deal with their Y2K problems is to outsource their information technology operations to an external supplier. Whether such a supplier is responsible for correcting Y2K problems in software or systems transferred as part of the outsourcing transaction is not clear and may depend on factors similar to those relevant to support and maintenance agreements. Parties entering into new outsourcing transactions are advised to deal with the Y2K issue openly and to document their respective responsibilities. Customers entering into outsourcing agreements should ensure that they have a right to keep the contract in force past the year 2000.

The foregoing is not necessarily an exhaustive list of the legal issues that arise from the year 2000 problem. Companies involved in any significant transaction of the kind referred to above or who may have concerns about this problem should contact their legal advisors.

Related Sources: Canadian Legal Resources | Cyberlaw Encyclopedia | Entrepreneur Resources | Canadian Technology | Precedents | Alan Gahtan

© 2005 Alan M. Gahtan. All Rights Reserved | Use is subject to these Legal Terms
Disclaimer: Not all materials may be applicable in your jurisdiction. Not intended to be a substitute for professional advice. No implied endorsement of, or affiliation with, any linked sites. Path to individual pages may change - please link to home page only.   Linking Info