YEAR 2000 - BUGS, BREAKDOWNS & ERRORS

In many cases, older computer systems stored dates as a 6 character ( “byte” ) field, which includes 2 digits each for the day, month and year. eg 290598 for 25 May 1998. In such systems, 1 January 2000, is represented as '010100' which could be either 1 January 1900 or 1 January 2000. Accordingly, any function, which is dependent on a date calculation using 6 byte field dates, is a possible source of error.

Typical information technology disasters that may occur as a result of a date related error include:

• Business interruption
• Loss of data
• Loss of time
• Physical destruction of equipment
• Inability of hardware and software to meet existing or changing business needs
• Migration difficulties
• Personal injury due to defective hardware or software

Typical causes of action arise from:

• breach of contract
• the Copyright Act 1968 (Cth), the Patents Act 1990 (Cth) etc
• the Trade Practices Act (1974) (Cth) ( “the TPA” )
• other relevant legislation such as the Goods Act (Vic) 1958 ( “the Goods Act” )
• tort

If a condition or essential term of a contract is breached

• claim for damages for losses incurred
  • loss of bargain (expectation loss)
  • expenditure incurred in reliance of the contract (reliance loss)
• common law right to terminate the contract.

Terms which are of such importance in IT projects may include

• failure of performance or functional requirements
• excessive down time

If the term is a warranty, then a claim only arises for damages or for rectification of the problem. Typical warranty breaches may include (depending on degree):

• inability to correct minor faults.
• delays in providing support.
• inability to supply certain types of support.
• failure to provide minor functionality or performance requirements.

Implied terms that:

• goods will correspond with their description where they are sold by description and be of a merchantable quality and fit for a particular purpose where one is specified;
• where services are requested for a particular purpose or result then the services will be reasonably fit for that purpose; and
• in certain circumstances there is an implied warranty that there must be care and skill expended in providing the services in connection with contracts of hire or supply of services

Statutory protection depends upon, amongst other things, whether the product is a good or service and whether or not the customer is a “consumer” of the goods or services.

Actions against manufacturers and importers of goods which do not correspond with description, are of unmerchantable quality, which do not conform to sample, are unfit for purpose or manufacturers who do not comply with express warranties.

Defences include that:

• the defect did not exist when the goods were supplied;
• that the defect occurred because of a mandatory standard;
• that the defect could not have been discovered given the state of technical knowledge when the manufacturer supplied the goods; and
• if the defect is in finished goods any relevant markings or instructions supplied with the goods.

Make use of product markings such as warnings and instructions to assist in managing your liability.

• Misleading and deceptive conduct
• False representations
• Liability for future representations for which it did not have reasonable grounds to make
  • Ability of the supplier to provide support services, encryption keys and access to source code that may be required for amendments.
  • Pre-sales literature and representations

Common law rights to rescind a contract for misrepresentation. Representations as to the performance of a computer made in good faith can still be a negligent misrepresentation.

• Common law - No restrictions on clauses in contract.
• TPA related state legislation any attempt to exclude or limit contractual liability that cannot be excluded or limited is void.

An action in the tort of negligence requires :

• a duty of care to be owed by the tortfeasor to the plaintiff
• that there has been a breach of that duty
• that as a result of that breach the plaintiff has suffered damage which is not too remote.

Previous claims in tort have included:

• computerised name searches failing to find appropriate corporate entities or other information
• inaccurate selling/margin prices
• misleading financial information
• incorrect land title information
• failure to renew leases, patents or other renewable items
• inaccurate information in online service
• automatic reports being defamatory
• being informed that money had been paid or won when it was not so due
• inaccurate reservations
• inaccurate records leading to wrongful repossession
• public utilities wrongfully disconnected
• failure to make municipal estimates
• errors in flight control systems
• failure to maintain weather reporting systems
• computer controlled traffic control systems

Make it clear that the information or service provider is not assuming a duty of care.

• warnings of limitations of liability at logon and during use
• warnings on associated printed materials.

Damages which may be recovered from the supplier will be the amount of money necessary to restore the customer to the position it was in before the statement, subject to the loss being foreseeable.

At common law there is a duty on a party to mitigate the loss suffered by breach of contract.

“Trust in the infallibility of a computer is hardly a defence when the opportunity to avoid the error is apparent”

• Backups
• Procedure for dealing with errors

Are you adequately covered by your existing insurance policies?

• Professional indemnity insurance may not cover you if the policy does not cover loss arising from the sale or supply of goods and chattels.
• Public and Product Liability insurance may only cover you for personal injury and property damage.
• Damages for economic loss needs to be expressly considered.

Points to consider in choosing appropriate insurance coverage include:

• What is the duty of care upon the supplier?
• Does your policy extend to overseas coverage?
• The fact that design defects or defects in installation may not be covered.
• Are you covered for breach of contract?
• Is damage to your property or property in your charge or control covered if it is not subject to the liability insurance?
• Is your premium properly adjusted for increase in sales and/or product range?

As the watchdog over corporate activities, the ASIC is involved in educating the business community as to the risks involved in the Year 2000 issue.

The ASC recommends that the following be considered in a Year 2000 project:

• analyse business risks and categorise the importance of each system to the business;
• prepare an action plan for altering systems, replacing systems or retiring systems altogether;
• implement the action plan;
• test each system and its various interactions; and
• set up a regular audit of progress.

In some circumstances, a failure by the directors of a company to implement a Year 2000 plan could constitute a breach of their duties. For example, the Corporations Law and under common law, directors are required to exercise care and diligence in the exercise of their powers and the discharge of their duties. A careful and diligent company director should consider the potential impact of the Year 2000 problem on their company and act on any potential problem areas.

The continuous disclosure regime may require corporations, which are listed or unlisted disclosing entities, to disclose any material effect the Year 2000 issue may have on the price or value of their securities. A company which was subject to the continuous disclosure regime could be required to make disclosure about any substantial costs associated with addressing Year 2000 issues or the likely consequences if it cannot address those issues.

For companies which are disclosing entities and/or public companies the Corporations Law requires the directors' report to include information on likely developments in the operations of a company and the expected results of those operations. Where the financial impact of the Year 2000 issue is likely to be material to the future results or financial condition of the company, it would be reasonable to expect that directors would disclose information in relation to their Year 2000 planning.

Directors should also consider their financial reporting obligations in relation to the Year 2000 issue. Financial statements are generally required to disclose capital and other expenditure commitments contracted for at the end of the company's financial year. That disclosure may be required to include expenditure commitments under contracts with external consultants to undertake any modification of computer software.

In addition to company office holders, investment advisers should also consider whether the companies they are recommending as investments have implemented a Year 2000 plan.

• Do you have a Year 2000 plan?
• Are you dependent on third party products or services that support critical business operations?
• Have you developed and will you be able to implement contingency plans to ensure continued operation of your critical IT systems?
• Have you considered obtaining independent verification of your Year 2000 exposure?
• What is your estimated total Year 2000 project cost and the time required.
• Is there an executive responsible for Year 2000?
• Is there a plan on how to identify, prioritise and correct systems for Year 2000?
• Has all electronic equipment been checked?
• Have key suppliers been contacted regarding their Year 2000 status?
• Does the company understand its legal obligations regarding Year 2000?
• Is there an Audit program for Year 2000 compliance?
• Is Year 2000 a regular agenda item at Board meetings?

This Act is now in operation in Australia. The purpose of the Act is to “encourage the voluntary disclosure and exchange of information about year 2000 computer problems and remediation efforts”. Prior to the Act commencing, when a vendor made a Year 2000 related statement that was inaccurate, the vendor may have been liable for damages for misrepresentation, misleading and deceptive conduct and negligence. Provided that a Year 2000 statement complies with the Act in that it:

• Relates solely to Year 2000 processing in regard to detection, prevention and remediation;
• Includes words to the effect that the statement is a Year 2000 disclosure statement for the purposes of the Act;
• Includes words to the effect that a person may be protected by the Act from liability for the statement in certain circumstances;
• Was made after 26 February 1999 and before 1 July 2001;
• Identifies the person who authorised the statement; and
• Is made in writing or in a data storage device and is capable of being reproduced in writing or is made by way of electronic communication of writing.

the vendor may not be liable for civil actions including negligent misstatement, misleading and deceptive conduct, misrepresentation and defamation in relation to any matter arising out of or incidental to the making of a Year 2000 disclosure statement. The Act does not provided protection when: a Y2K statement is made with the knowledge that it is false or misleading or recklessly as to whether the statement is false or misleading; a Y2K statement is made pre-contractually; the Y2K statement is made under a contractual or statutory obligation; or when a Y2K statement was made to induce consumers to acquire goods or services.

Software and hardware vendors should check that their existing Y2K disclaimers and replies to Y2K surveys comply with the Act, particularly in relation to stating that the statement is made for the purposes of the Act.

The scope for liability and the quantum of damages from claims involving information technology increases daily. Year 2000 problems are applicable to many day to day situations and need to be addressed within a total risk assessment and minimisation plan rather than in isolation.

STEVE WHITE
WHITE SW COMPUTER LAW
JUNE 1999 www.computerlaw.com.au © White SW Computer Law 1999

This paper is designed to give a brief introduction to this topic. If you are interested in obtained further information, our web site - http://www.computerlaw.com.au contains a number of related papers, which we have presented and published. If you have any further queries, please feel free to e-mail Steve White - wcl@computerlaw.com.au, or telephone our office.

Steve White is the Principal of the law firm White SW Computer Law. This firm was established by Steve White after his involvement in the IT industry for a number of years.

White SW Computer Law is a Melbourne based boutique law practice which provides legal services to the IT industry, IT customers and parties with Intellectual Property matters. It provides commercial legal advice and litigation with an emphasis on Intellectual Property and Information Technology issues.

Steve White holds dual degrees in law and computer science and has been a technical instructor for IBM, in Australia and South East Asia, in the use of local area network products and services, operating systems, database design and communications systems. Steve is a member of the Law Institute of Victoria, the Law Institute of Victoria Information technology sub-committee, Victorian Society for Computers and the Law, the Australian Computer Society (Professional Member Grade).

This article is a guide only and should not be used as a substitute for proper legal advice, readers should make their own enquiries and seek appropriate legal advice.