Scottish Group: Year 2000 – Lawyers and Clients

November 1, 1998

A stimulating talk to a large and appreciative audience was given by DrKevin Hind of KPMG, who specialises in IT problems arising from Year 2000issues. Dr Hind started by putting Year 2000 compliance issues in context as oneof a group of broadly related issues – similar challenges arise from ensuringEuro compliance and some years down the line there will be considerablechallenges arising from, as it were, the clocks running out on UNIX systemswhich all operate from a single base date.

Turning to the Year 2000 issues in particular, after explaining broadly thenature of practical consequences of non-compliance, he went on to explain anideal Year 2000 project. Time is now very short. Nothing short of the end of theworld is going to stop the Year 2000 coming in about 15 months time – thedeadline for compliance is non-negotiable. It seems that many companies inEurope have failed to take the necessary steps and by now it is almost too late.Indeed KPMG estimate that about 3 to 4% of the firms trading in Europe will beout of business within a few years of the millennium simply because of failuresin compliance hampering their commercial activities. Indeed the estimate is foran even higher failure rate in Germany. In order to run a Year 2000 project,tight management is critical, because there can be no room for slippage. Thefirst step is to have a proper inventory of the software and hardware used inthe company. Most companies do not even know what software or hardware they haveand frequently upgrading gets overlooked. For example, 90% of the law firms inthe Horsham area are operating on software that is more than seven years old.But it is not only software – nor even the obvious hardware such as computersused within the company. An inventory has to take into account hardware andsoftware used by employees at home on company business and interfaces betweencompany hardware and hardware run by customers.

Upon the basis of the inventory one can determine the steps that are going tobe necessary to ensure compliance and the next stage is to draw up and implementa detailed project plan.

Curiously for an IT specialist, Dr Hind pointed out that it was a bad idea todevelop and monitor the project plan by the use of e-mail. E-mail is aninformal, `conversational’ medium. It does not lend itself to the precision andtight control that is achieved through the writing of formal reports. Therequirement on the persons involved in the project should therefore be to submitproper written reports, even though perhaps these might be annexed to e-mails.Unless this is done there is a danger that the management of the project will betoo slack.

In parallel with the running of the project plan it is necessary also toprepare and have available contingency plans – after all companies might notbe able to fix the problem and they are going to have to consider what to do ifthey cannot.

The final stage of the implementation of the project plan is testing with theneed for the contingency plan to be available to go ahead if, on testing, theproject has either not succeeded or, at any rate, will not have succeeded beforethe deadline.

Dr Hind also pointed out that a Year 2000 project would require to extendbeyond the company’s own systems and necessarily involves an assessment of thelegal and commercial risks arising from non-compliance by third parties dealingwith the company. The other side of this coin is that a company may be on thereceiving end of questionnaires from third parties who are running their ownYear 2000 projects. The firm advice was also for the lawyers acting for thecompany to have prepared a standard response which minimises legal exposure (forexample expressing an intention to be compliant by the date rather thanundertaking to be compliant by that date). The firm advice was not to completeany questionnaires sent by third parties but rather to respond with the standardresponse. Other legal issues also arose – if outside consultants are beingbrought in then the client company needs to ensure that they are competent andsolvent. Failure to ensure competence might in certain circumstances open thecompany to actions by third parties (bearing in mind that the obligation whenhiring an independent consultant is to take reasonable care to hire a competentone).

Solvency is plainly an issue because most professional indemnity insurancepolicies seek to exclude or limit the liability of the insurer in respect ofYear 2000 compliance issues.

Next the client company may be confronted with the possibility of breachinghealth and safety legislation. Many machines have imbedded chips and if theseare not Year 2000 compliant it may lead to malfunctioning of the machines whichmay then cause employers to be in breach of absolute obligations under healthand safety legislation.

The question and answer session ranged from the theoretical to the concrete.In the first category was a discussion as to whether or not programmers andhardware manufacturers might be found liable for having caused the Year 2000problem in the first place. Dr Hind in his role as a hypothetical expert witnessthought perhaps not, given the test of spondet peritiam artis, whereasyour reporter suggested that there might be scope for suggesting that therestill could be liability on the Hunter v Hanley basis especially since,as it seems, Year 2000 compliance problems are largely avoided by Apple Macusers. Metaphorically speaking, though, the jury is still out on the issue.

An example of the more concrete issue was the explanation that fairlyordinary word processing programs which do not appear to contain anytime-sensitive material may nonetheless fail to work after the Year 2000 becauseeach file is assigned a date. Once the Year 2000 has passed, it may be that auser will find that he cannot open any of his files!

Dr Hind’s parting comment was that the Euro is going to cause its own problemsince many programs do not operate with a sufficient number of decimal places topermit the legally-required calculations to be made. He thereby neatly provideda trailer for the Scottish Group’s October Meeting on the legal and ITimplications of the Euro.