BLT: Y2K

"[W]e need every state and local government, every business, large and small, to work with us to make sure that this Y2K computer bug will be remembered as the last headache of the 20th century - not the first crisis of the 21st. "

President William J. Clinton, 1999 State of the Union Address(1)

INTRODUCTION

[1]First came the savings and loan scandal, the asbestos lawsuits, and the tobacco investigations. Now the "Millennium Bug," otherwise known as the Year 2000 ("Y2K") problem, threatens to create the next colossal wave of litigation. However, as the days pass and Y2K problems begin to materialize, many lawyers, legislators, and potential litigants are rushing to prepare for the year 2000 and the impending failures associated with it.

[2]This article outlines the Y2K problem and explains different responses that are being taken to confront it. Part I introduces the Y2K problem and the key issues associated with it. Part II discusses pending Y2K lawsuits and explores common Y2K liability theories. The article then focuses on the actions that are being taken to prepare for the new millennium and to limit potential Y2K litigation in Part III. This section explores the guidelines and information that government agencies and industry associations are providing to help organizations and individuals prepare for the Y2K problem. Part IV reviews both enacted and pending legislation that Congress has introduced to limit the legal ramifications of the Y2K problem. Finally, Part V discusses common sense techniques that governments, businesses and individuals should employ to minimize risks associated with Y2K failures.

I. BACKGROUND

A) WHAT IS THE "MILLENNIUM BUG?"

[3]Before the potential effects of the "Millennium Bug," or the Y2K problem, can be understood, one must have some basic knowledge about what exactly it is. Essentially, the Y2K problem involves an electronic data processing glitch that prevents date-sensitive hardware, software, and embedded chips from calculating accurate dates past the twentieth century. This glitch is a computer programming abbreviation that uses two-digit year dates rather than four-digit year dates.(2) Systems programmed with the abbreviation automatically assume that the first two digits of the year date are 19. As a result, when the computer encounters a year 2000 date, the computer recognizes only "00" and processes the date as the year 1900 instead of 2000.

[4]The Y2K problem is really not a "bug" at all.(3) Several decades ago, computer programmers used two-digit date fields to save invaluable memory and space.(4) Although programmers knew that a problem would arise at the year 2000, few concerned themselves with it.(5) After all, no one thought that people would continue to use the same programs for forty or fifty years.(6) Additionally, every new program had to be designed to interface with old programs.(7) If the new programs had four digit year dates, they would not be compatible with the older programs that utilized two-digit dates.(8) As a result, two-digit year dates became industry standard, and up until the late 1990s, programmers still used the date abbreviation.(9) Now, this space saving tool represents the heart of the Y2K problem.

[5]The "Millennium Bug" is not merely a technical problem. Because world communities are interdependent upon technology, the Y2K problem has business, economic, social, and political ramifications.

B) WHO WILL THE Y2K PROBLEM AFFECT?

[6]The Y2K problem potentially affects everyone. Although many people do not personally use computers, and many computer systems, programs, and embedded chips are not dependent on date-sensitive information, virtually everyone depends on date-sensitive technology and computers.(10) For example, even if a household does not own a personal computer, the household still relies on the grocery store down the road for food, the gas station around the corner for gas and oil, the local hospital for health care services, and the office across town for a paycheck. More than likely, each of those businesses depend on date-sensitive programming or on another business or supplier that depends on date-sensitive programming. Therefore, every person and every business will potentially be affected by the Y2K problem.

C) WHAT PROBLEMS CAN THE YEAR 2000 POTENTIALLY CREATE?

[7]While no one truly knows what will happen, the potential effects of the Y2K problem range from trivial failures to great tragedies. Indeed, only a few coffee machines may fail at midnight, January 1, 2000. However, necessary medical support systems may also fail because of non-compliant embedded chips or software.(11) The actual extent of the Y2K effects will largely depend on how people prepare for the problem before it happens, and how the public reacts to it when it occurs.

[8]Businesses, governments, and individuals acting now to fix potential Y2K problems may highly mitigate actual Y2K effects. For example, if a hospital focuses on correcting non-compliant chips in vital systems before working on non-compliant lounge microwaves, the effects of actual failures will be less damaging. Similarly, if a restaurant knows that its computer system will not be compliant, and then creates alternative procedures for wait staff to effectively place orders to the kitchen and accurately bill clients, many potential failures will be prevented. There are numerous ways organizations and individuals can prepare for the Y2K problems. The only approach that will not help mitigate Y2K effects is doing nothing at all.

[9]Naturally, public reaction to Y2K failures may also alleviate or aggravate the effects of the Y2K problem. If the public reacts fearfully to Y2K errors and failures, the problems could be greatly aggravated. For example, if the lights go out on January 1, 2000 due to non-compliant utility grid failures, and citizens begin rioting and looting our cities, the problem suddenly becomes a crisis. Yet, if the same citizens are informed and react rationally to the blackout, Y2K failures won't be so bad. Certainly, knowledge and common sense will be key factors in making the transition into the year 2000 relatively smooth.

D) WHEN WILL THE Y2K PROBLEMS OCCUR?

[10]Perhaps the biggest misconception about the Y2K problem is that errors will only occur on January 1, 2000. Many Y2K problems have already surfaced.(12) Cap Gemini, a leading technology consulting firm, reported that 7% of 128 large U.S. businesses had already experienced Y2K problems by December 1997.(13) Within four months, that number jumped to 37%.(14) Current estimates predict that Y2K problems will rapidly increase during 1999 and peak shortly after January 1, 2000.(15) Although problems will likely decrease during the year 2000, Y2K incidents are expected to continue for three to five years into the new millennium.(16)

[11]Another misconception about the Y2K problem is that the only processing date that will create Y2K failures is January 1, 2000. On the contrary, several other dates may give rise to Y2K failures. One example is September 9, 1999. Many early programmers used 9999 as an "infinity" date. Naturally, if the computer reads September 9 as infinity, errors will ensue.(17) Another well-known example is February 29, 2000. February 29 is an important date because the year 2000 is a leap year, while 1900 was not. If the computer cannot recognize the additional day, errors will inevitably occur.(18)

E) HOW CAN THE Y2K PROBLEM "TECHNICALLY" BE FIXED?

[12]Chief Information Officers and Chief Financial Officers around the world cringe when asked about fixing the Y2K problem. To date, there are a handful of technical ways to deal with it. Depending on the extent of the problem, one remedy may be more appropriate than another. For example, if a small business risks failure in only one or two software programs, it is probably more cost effective for the business to purchase new compliant products, rather than to hire a programmer to sort through lines of code. However, a large corporation using complex and interdependent systems that rely on custom-designed software probably cannot feasibly purchase entirely new systems.

[13]No matter what the individual circumstances are, there is no "silver bullet" solution to the Y2K problem.(19) Developing a program that scans source code and automatically fixes deficient date codes is unrealistic. There are over 500 different programming languages that have been used to write numerous programs.(20) Any "silver bullet" solution would have to handle the commands and nuances of all programming languages.(21)

[14]The most common way to fix the Y2K Problem is to hire a programmer to manually examine every line of source code in each program, find relevant date codes, and change each one to reflect four digits rather than two. An average software program consists of thousands, if not millions of lines of source code.(22) This process may take years to complete, making it impossible to fix all problems before the year 2000.

[15]However, there are alternatives to manual inspection of each line of source code. One method is to replace the software or non-compliant system with a newer, compliant product. Unfortunately, most governments and businesses cannot afford to overhaul entire information technology systems. Other alternatives include "short-cuts," such as windowing and encapsulation, which temporarily solve Y2K problems by tricking the computer into processing compliant dates.(23) However, most of the short cuts will only delay Y2K failures because they do not actually solve the problem.(24)

[16]The situation becomes more complicated when the noncompliance lies in embedded semiconductor chips. First, Y2K problems in embedded chips may be nearly impossible to find. For example, one oil-drilling rig may have more than 10,000 separate chips.(25) Second, some embedded chips are not date-sensitive, and it is extremely difficult to determine whether a product's chips are date-sensitive or not.(26) Embedded chips cannot be easily read the way lines of source code in software can. Instead, each chip must be individually examined. Therefore, even if a programmer could find all 10,000 embedded chips in an oil rig, the programmer would then have to check each chip to see if it is date-sensitive. Unfortunately, there is no universal "list" available to programmers that explains each type of chip, which products it is used in, and whether it is date-sensitive.(27) Finally, the act of diagnosing embedded chips alone may damage the chips and cause them to malfunction.(28) Clearly, making embedded chips compliant is one of the most difficult tasks involved in the technical Y2K remediation.(29)

[17]Finding qualified people to remediate Y2K problems is also problematic. Inspecting lines of source code and diagnosing non-compliant embedded chips is a task that can only be done by experienced programmers. Many products and programs are decades old and relatively outdated. Finding experienced programmers who are familiar with both old and new programs is both difficult and expensive.

[18]Because most technology is dependent upon other forms of technology, the Y2K problem is not isolated. Therefore, if one part of a system is non-compliant and fails, the entire system may fail. The interdependency problem extends well beyond a single business' system as well. For example, even if a large insurance company spends millions of dollars to make its systems 100% compliant, the systems will still fail if the utility company is not compliant and the power grid is inoperable for three days.

[19]The interdependency problem also extends to system upgrades. Most organizations add new software and components to their technology systems frequently. In order to make a current system fully compliant, programmers must account for all upgrades. For example, if the insurance company's programmers began correcting the entire system in 1997, but the company continued to add upgrades, the programmers would have to be constantly notified of each upgrade and would have to make each upgrade compliant as well. Otherwise, even if the programmers made the old system fully compliant in 1999, the upgrades would not be compliant and would cause failures throughout the entire system.

[20]Naturally, cost is a crucial issue in all Y2K remediation efforts. Estimates regarding the costs for remediation vary greatly.(30) Worldwide, the estimates reach $1.6 trillion.(31) Individual costs will vary according to the magnitude of information technology dependency.(32) For example, a small business may only need to remediate non-compliant software on three or four computers, while a large corporation may have thousands of computers and millions of embedded chips to account for. Accordingly, individual costs may reach only $2,000, while large corporate costs may round off at $560 million.(33) Unfortunately, these estimated costs include only remediation, and not the expenditures needed to clean up future Y2K failures or litigation costs.

II. THE LITIGIOUS RESPONSE

[21]Although the year 2000 is still several months away, conflicts over the Y2K problem have already begun. Of course, the biggest issue in potential Y2K litigation is cost. Litigation will determine who will be liable to pay for the costs of Y2K problems, and who will be liable for bad judgments in dealing with Y2K remediation.

[22]Since June 12, 1997, when the first Y2K lawsuit was filed, more than thirty-nine lawsuits and one arbitration relating to Y2K liability have followed.(34) Most of the pending cases are class actions alleging software, product and system failures.(35) However, many lawyers predict that there will also be several lawsuits in the year 2000 brought by shareholders against corporate defendants.(36) To date, there has been at least one shareholder class action alleging inadequate disclosure of Y2K problems and remediation costs.(37) In Ehlert v. Singer, a corporation was requiring its customers to purchase its Y2K compliant upgrade, rather than providing it to them for free.(38) The company did not adequately disclose this remediation scheme to its shareholders, so the shareholders sued the corporation for making a material misrepresentation and for devaluation of company shares caused by the large number of lawsuits that had been filed against the company.(39) Although Ehlert has not yet been decided, it will lead the path for future shareholder derivative actions relating to the Y2K problem.

[23]The common liability theories of the lawsuits range from breach of contract, breach of express and implied warranties, violation of state consumer protection acts, violation of the Magnuson-Moss Warranty Act, violation of the 1933 Securities Act, deceptive trade practices, malpractice, fraud and negligence.(40) Of course, no one knows which liability theories will prevail because the Y2K problem gives rise to many unprecedented questions. One area of difficulty is how the Y2K problem will be characterized. For example, will courts find that the Y2K problem is a "software defect," which a defendant must remedy, or will the courts characterize the Y2K problem as an "obsolete design" for which a defendant has no duty to remedy?(41)

[24]Also, manufacturers, governments, businesses and individuals have known about the Y2K problem for many years.(42) Does the fact that consumers continued to license and purchase non-compliant products, even though they were aware of the problem, indicate an assumption of the risk? Does aggressive marketing of non-compliant products by vendors and manufacturers indicate anticipatory breaches of contract, fraud, negligence, or even malpractice?

[25]Jury reaction to the Y2K issues is also speculative and will greatly affect litigation. Will juries be sympathetic to companies that are spending millions to fix the problem, or will they feel the Y2K problem was an issue that corporations ignored for too long? These are all uncertain and unsettling issues when governments, businesses, and individuals face the possibility of being sued for Y2K defects.

[26]Another important litigation issue involves the possible remedies that will be available to prevailing parties. So far, Y2K plaintiffs typically seek compensatory damages, incidental and consequential damages, punitive damages, and injunctive relief requiring defendants to notify others who may be harmed, and to fix the product free of charge.(43) If a Y2K plaintiff receives all of these remedies, Y2K defendants could be financially destroyed.

[27]Common Y2K settlement terms may be used to analyze available remedies in future lawsuits. To date, most Y2K settlement terms have been corrective. For example, several companies that were sued because their products were not Y2K compliant settled with the plaintiffs by promising to create a free "patch" that would fix the problem and by giving free upgrades and discounts on future products.(44) The key word is that the solutions are "free." Many companies are finding themselves in the courtroom because they offered Y2K solutions to their customers for a fee.(45)

[28]There are many theories that support Y2K liability, and there are many unsettled issues in Y2K litigation. Potential defendants must be aware of those theories to effectively prepare for and counteract liability issues before the problems occur.

III. THE ADMINISTRATIVE RESPONSE

[29]Because the potential effects of the Y2K problem are so speculative and litigation seems certain, many individuals and organizations are rushing to protect themselves. Fortunately, a few regulatory bodies and industry associations are providing guidelines to help individuals and organizations prepare for and effectively deal with Y2K issues. Although many of the guidelines are designed for specific businesses or entities, most guidelines will protect any government, business, or individual that follows them. This section outlines the main goals of several important agencies and associations, and their efforts to help governments, businesses, and individuals prepare for the year 2000.

A) READINESS DISCLOSURES

[30]Many agencies and business associations are focusing on the need for accurate Y2K readiness disclosures Readiness disclosures serve several important functions. First, they allow customers, investors and vendors to receive full and fair disclosure of organizations' efforts relating to the Y2K problem, so they can make informed business and investment decisions. Second, disclosures afford organizations an opportunity to see where the organization stands with Y2K issues, and what risks are involved. Once an organization sees it has serious risks, it is likely to begin remediation procedures. Third, readiness disclosures can improve existing business relationships. Consumers, investors, and vendors informed of the Y2K status of each company they rely on are more likely to stay in the business relationship through any Y2K failures that occur. Finally, written readiness disclosures may serve as future evidence that an organization was attempting to acknowledge and remedy all Y2K problems before they occurred.

[31]The Securities and Exchange Commission ("SEC") leads the effort for Y2K readiness disclosures and has established a detailed framework by which public companies and investment entities must disclose their Y2K readiness.(46) The SEC requires detailed disclosures regarding each company's readiness and Y2K efforts.(47) Additionally, the SEC provides a wealth of information, including a searchable database of Y2K disclosures to the public.(48)

[32]The SEC has already begun enforcing its disclosure requirements. In October 1998, the SEC fined two brokerage firms, Allegheny Financial Programs, Inc. and Atlantic-Pacific Capital, Inc., for failing to timely file the required disclosure forms.(49) The two firms were among thirty-seven brokerages that the SEC charged in the federal government's first major enforcement action related to the Y2K problem.(50) Nineteen of the charged firms settled with the SEC, by promising to avoid such violations in the future, and paid civil penalties of $5,000 to $25,000.(51) All told, the SEC collected over $235,000 in civil fines.(52)

[33]Although the SEC enforcement actions may seem to be a thorn in the side of companies now, many companies may appreciate the SEC regulations in the future if the disclosures protect the companies against Y2K liability. Disclosure is very important for keeping information flowing between parties and for aiding everyone in mitigating Y2K damages. The disclosures will serve as valuable evidence that the business was making a good faith effort to identify and remediate all of its actual and potential Y2K problems in a timely manner.

[34]Along with the SEC's interest in disclosures, the National Association of Securities Dealers ("NASD") provides extensive information to its members in an effort to insure market integrity and investor protection through the transition into the year 2000.(53) The NASD provides detailed information on how to comply with SEC filing requirements, gives frequent updates on SEC regulations regarding the Y2K disclosures, and offers suggestions on how to prepare for problems associated with the year 2000.(54) Although both the SEC and the NASD focus on public companies and investment entities, every individual, business, and government can benefit from following the disclosure standards and obtaining critical Y2K information.

B) ALTERNATIVE DISPUTE RESOLUTION

[35]Another key in minimizing costly Y2K litigation is alternative dispute resolution ("ADR"). The CPR Institute for Dispute Resolution ("CPR") in New York encourages companies and individuals to mediate Y2K issues rather than litigate.(55) Rather than taking the "I-win-you-lose" approach to Y2K issues in the courtroom, CPR strives to provide real problem-solving techniques to deal with the Y2K issues. To do this, CPR established a Year 2000 Alternative Dispute Resolution Commitment ("Commitment"), which enables companies to commit to ADR before issues arise.(56) CPR consulted with numerous attorneys, corporate counsel, academics, industry association representatives, and professional ADR practitioners to come up with a realistic approach to Y2K mediation.(57) CPR assembled a panel of over seventy lawyers to mediate and arbitrate Y2K disputes.(58) As of March 8, 1999, more than 45 global companies and their subsidiaries pledged to utilize alternative dispute resolution for their Y2K problems, including the City of Flagstaff, Arizona, Anheuser-Busch Company, Ford Motor Company, Bank of America, General Mills and Sony Electronics.(59) CPR's approach represents a push for companies to move toward business-related solutions to Y2K problems rather than heading straight to the courthouse. CPR's Commitment gives local governments and businesses the opportunity to settle Y2K issues in a non-binding yet effective manner. While there are many other individuals and associations pushing for mediation of Y2K issues, CPR's approach provides an excellent framework for alternatives to litigation.

C) PREPARATION

[36]The most universal and important goal in Y2K remediation is preparation. Many agencies and industry associations are helping individuals, governments, and businesses with preparation efforts. For example, the National Institute of Standards and Technology ("NIST") focuses on small to medium businesses and manufacturers. (60) The organization promotes awareness of Y2K issues and provides information to businesses regarding standards and testing procedures for hardware and software.(61) NIST also provides valuable information on how to start remediating Y2K issues.(62)

[37]Another agency pushing Y2K preparation is the U.S. Small Business Administration ("SBA"). (63) The SBA provides in-depth information to small businesses and individuals on what the Y2K problem is and how to start dealing with it.(64) It also provides plain English guidelines on how to file SEC disclosures and how to make other Y2K readiness disclosures.(65) Additionally, the SBA website provides self-assessment checklists for small businesses and guidance on how small businesses should reply to year 2000 readiness questionnaires.(66)

[38]All of these agencies and organizations focus on helping others prepare for the year 2000 and its effects. Although the scope of this article cannot discuss each one, it is noteworthy that there are several more organizations like this. As the year 2000 approaches, even more organizations are emerging to help prevent and prepare for Y2K problems.(67)

IV. THE LEGISLATIVE RESPONSE

[39]Recently, Congress has also turned an ear toward Y2K issues. Because so many Y2K lawsuits have already been filed and Y2K litigation costs have been estimated at one-seventh of the total economy, Congress is focusing much of its attention on preventing litigation and preparing for future Y2K problems.(68) After conducting investigations in 1998, Congress realizes that millions of information technology ("IT") computer systems, programs and semiconductors may fail when processing dates beyond December 31, 1999. Congress also understands that solving the Y2K problem is important to the national economy and security of the United States.(69) As a result, both the House of Representatives and the Senate introduced and fast-tracked several Y2K bills in early 1999.(70) This section highlights Congress's goals for ringing in the year 2000 as painlessly and as litigation-free as possible and explores the potential effects legislation may have on Y2K litigation. This section specifically focuses on Y2K legislation that Congress has introduced to:

encourage governments, businesses and individuals to openly share Y2K readiness and remediation efforts with the public and each other;
protect those who make good faith remediation efforts from Y2K liability, and define duty as reasonable care under the circumstances;
limit consumers' ability to sue governments and companies;
limit the amount of damages that can be recovered for Y2K claims; and
provide funding for small businesses and governments so they can attempt to remediate Y2K problems.

[40]Because each piece of legislation discussed in this section addresses many of the above issues, several key legislative bills will be discussed separately.

A) THE YEAR 2000 INFORMATION AND READINESS DISCLOSURE ACT

[41]President Clinton signed the Year 2000 Information and Readiness Disclosure Act ("Disclosure Act") on October 19, 1998.(71) The goal of the new law was to afford governments, businesses, and individuals opportunities to find common sense solutions for Y2K problems and curb Y2K liability that could lead to litigation.(72)

[42]Congress specifically designed the Disclosure Act to meet three goals.(73) First, the new law encourages disclosure and exchange of information related to Y2K readiness.(74) Many governments, businesses, and individuals were not sharing information regarding Y2K readiness with consumers, vendors, and other companies because they feared liability from statements that were later found to be inaccurate. Additionally, many businesses feared that sharing Y2K information could result in antitrust problems. (75)

[43]The Disclosure Act responds to these fears by providing a safe harbor provision that allows individuals and businesses to share information about their Y2K readiness with the public, each other, and competitors.(76) The Disclosure Act assures makers of Y2K readiness statements that their own statements cannot be used against them if the statements later turn out to be inaccurate or misleading, as long as the maker provided the statement after an honest and good faith assessment.(77) Further, the Disclosure Act ensures that statements made in good faith about Y2K readiness will not be considered a creation of a warranty or an amendment to existing contractual obligations.(78) The Disclosure Act also provides that antitrust laws do not apply when Y2K information is shared solely for the purpose of facilitating Y2K remediation.(79)

[44]Second, the Disclosure Act helps governments, small businesses, and consumers respond to Y2K problems.(80) Rather than forcing each government, business, and individual to create their own solutions to the Y2K problem, the Disclosure Act encourages dissemination of information.(81) Finally, the Disclosure Act establishes uniform principles for Y2K readiness disclosures to lessen the burdens on interstate commerce.(82) These uniform legal principles relating to disclosures preempt certain state laws that would otherwise apply to inaccurate Y2K readiness statements.(83)

[45]However, the Disclosure Act does contain several important limitations. First, the Disclosure Act only protects specific Y2K statements. Written Y2K statements must be clearly identified as Year 2000 Readiness Disclosures and must be made between October 19, 1998 and July 14, 2001 to qualify under the Disclosure Act.(84) Statements made between January 1, 1996 and October 19, 1998 may be included retroactively in the Disclosure Act's protection, but only if the statement meets the Act's criteria and the maker of the statement notified the person the notice was originally given to within 45 days.(85) The Disclosure Act protects oral Y2K statements only if they were made between July 14, 1998 and July 14, 2001.(86) Second, the Disclosure Act's Year 2000 Statements do not include SEC readiness filings or many other statements made in the course of soliciting sales.(87) Thus, public corporations and investment agencies may be held accountable for their SEC readiness disclosures. Despite these and other limitations to the Disclosure Act, it can provide significant protection to entities and individuals. In essence, the Disclosure Act allows makers of Year 2000 Statements to make frank and realistic Y2K assessments without fear of liability. Ideally, this free disclosure will lead to efficient and prudent Y2K remediation and contingency planning.

B) THE Y2K ACT

[46]The most recent and the most controversial new law relating to the Y2K problem is the Y2K Act.(88) The new law is a compromise between Senator John McCain's (R-AZ) Y2K Act (S. 96) and Representative Thomas M. Davis' (R-VA) Year 2000 Readiness and Responsibility Act (H.R. 775).

[47]The Y2K Act is designed to allocate precious economic resources toward fixing the Y2K problem and mediating disputes rather than spending time and money on frivolous lawsuits relating to actual or potential Y2K failures. The new law applies to all actual and potential lawsuits arising between January 1, 1999 and January 1, 2003.(89) However, its provisions do not apply to personal injury or wrongful death suits or in cases where existing contractual provisions apply.(90)

[48]The Y2K Act affects Y2K litigation in several important ways. First, it establishes a mandatory waiting period before plaintiffs may initiate Y2K-related litigation.(91) Under the Y2K Act, all plaintiffs suing for remedies other than injunctive relief must submit written notice to each defendant.(92) The notice must detail the basis of the plaintiff's claim and intention to sue.(93) Upon receipt of the notice, the defendant has 30 days to respond to the plaintiff, acknowledging receipt of the notice, describing actions it intends to take to remediate the identified problem, and stating whether it is willing to engage in alternative dispute resolution.(94) If the defendant does not intend to cure the defect, the plaintiff can sue on the 31st day.(95) If the defendant does plan to address the problem, the defendant has an additional 60 days to cure the defect, and the plaintiff may only sue if the defendant fails to do so by the end of the 90-day period.(96) The purpose of the mandatory "cooling off" period is to encourage the parties to resolve their disputes outside the courtroom.(97)

[49]Second, the Y2K Act establishes proportionate liability standards for damages in tort lawsuits where multiple actors share responsibility for the Y2K failures.(98) Accordingly, a defendant who causes 10% of the Y2K problems involved in the lawsuit will only be liable for 10% of the damages. However, several consumer protection exceptions apply. For example, a defendant will be held jointly and severally liable for damages if the defendant acted fraudulently, or with specific intent to injure the plaintiff.(99) Furthermore, defendants are jointly and severally liable when the plaintiff is a consumer suing as an individual for a defective product or is an individual with a net worth less than $200,000 and the judgment is less than 10% of the plaintiff's net worth.(100) This proportionate damages provision clearly shows a compromise between protecting technology corporations from large damage awards and keeping consumer protection interests in view.

[50]The Y2K Act provides incentives for Y2K defendants to settle by discharging defendants who settle non-contract Y2K actions from contribution claims by other parties.(101) Additionally, if a defendant enters into a settlement with the plaintiff before a final verdict is given, the court will reduce the final verdict against the remaining defendants by the amount corresponding to the settling defendant's percentage of responsibility, or the amount the defendant paid the plaintiff in settlement, whichever is greater.(102)

[51]Third, the Y2K Act limits punitive damages in two instances. In the first instance, punitive damages are limited in lawsuits where the defendant has a net worth equal to or less than $500,000 and is sued as an individual.(103) In the second instance, punitive damages are limited where the defendant is a business or other organization with fewer than 50 employees.(104) In these two examples, a plaintiff must prove the applicable standard for punitive damages by clear and convincing evidence.(105) Once that standard has been met, punitive damages may be awarded, but are limited to three times the amount of the compensatory damages or $250,000, whichever is less.(106) The punitive damages cap does not apply if the defendant specifically intended to injure the plaintiff. No punitive damages may be awarded if the defendant is a government entity.(107)

[52]Fourth, the Y2K Act establishes that Y2K lawsuits may be maintained as a class action only if the Y2K failure constitutes a "material defect."(108) The Y2K Act defines "material defect" as a defect that substantially prevents the item or service from operating or functioning as designed or according to its specifications.(109) The definition clearly excludes minor failures.(110) Further, the Y2K Act establishes notification procedures, requisite jurisdictional requirements, and requires specific pleadings in all Y2K actions.(111) This makes it more difficult for plaintiffs to bring class actions and requires a monetary claim of $10 million before the class action can be brought in federal court.(112)

[53]Fifth, the Y2K Act creates a duty for all persons to mitigate Y2K computer failures and resulting damages.(113) Plaintiffs will not be allowed to recover for damages they should have reasonably been aware of and could have reasonably avoided.(114) This provision is very important because people around the country have known about the Y2K problem for many years. If the defendant gave the plaintiff notice that a product would not be Y2K compliant, and the plaintiff could have reasonably avoided damages resulting from that non-compliance, the plaintiff cannot sue the defendant for any avoidable damages.

[54]The Y2K Act also establishes a "Y2K Upset" defense for defendants who failed to comply with government regulations due to a Y2K failure beyond their control.(115) There are many exceptions to this defense.(116) However, if the defendant can meet the conditions necessary to demonstrate a Y2K upset, the defendant has a 15-day grace period to fix temporary non-compliance before the government may impose a fine.(117)

[55]The Y2K Act is a detailed law that promotes settlement and discourages Y2K litigation. However, due to the controversy that surrounded the passage of the Y2K Act, the new law also provides consumer protections. Regardless of the side a party to a Y2K lawsuit is on, the Y2K Act will affect almost all Y2K litigation and should be thoroughly consulted by all parties with actual or potential Y2K lawsuits.

C) YEAR 2000 FAIRNESS AND RESPONSIBILITY ACT

[56]Following closely behind the heels of H.R. 775, Senator Orrin G. Hatch (R-UT) introduced S. 461, entitled the "Year 2000 Fairness and Responsibility Act." S. 461 offers many similar provisions as H.R. 775.(118) However, one of the key thrusts of S. 461 is to provide a uniform federal response to Y2K problems.(119) When introducing the act, Senator Hatch emphasized that there are already over 117 Y2K bills pending in state legislatures.(120) If Y2K issues are left to state legislation, Y2K issues will be further complicated by extensive forum shopping and inconsistent treatment of Y2K cases.(121) Accordingly, the act insures uniformity by giving federal courts exclusive jurisdiction over all Y2K problems.(122) In view of the recently enacted Y2K Act, it appears that the legislature does not want federal jurisdiction over all Y2K lawsuits, so Congress is unlikely to pass this bill as written.

D) YEAR 2000 CONSUMER PROTECTION PLAN ACT OF 1999

[57]Representative Donald A. Manzullo (R-IL) introduced H.R. 192, entitled the "Year 2000 Consumer Protection Plan Act," on January 6, 1999.(123) H.R. 192 establishes specific and uniform proceedings for the resolution of Y2K conflicts.(124) H.R. 192 requires all Y2K complainants to undergo mandatory arbitration.(125) During arbitration, a plaintiff may recover damages after showing by a preponderance of the evidence that: 1) the Y2K failure caused a foreseeable loss; 2) the defendant's action or inaction was unreasonable under the circumstances; and 3) the loss was proximately caused by the defendant.(126) Furthermore, H.R. 192 states that directors and officers of a corporation who are defendants in Y2K lawsuits will be held personally responsible only if they failed to use due diligence.(127) Thus, H.R. 192 defines duty at a reasonableness level, and considers all Y2K circumstances and efforts.

E) BUSINESSES UNDERGOING THE GLITCH (BUG) ACT

[58]On January 6, 1999, Representative Karen L. Thurman (D-FL) introduced H.R. 179, entitled "Businesses Undergoing the Glitch (BUG) Act."(128) H.R. 179 will help small businesses cope financially with Y2K problems by enabling them to treat costs for fixing Y2K problems as tax deductible expenses.(129) For example, H.R. 179 permits up to $40,000 in tax deductions from gross income for each small business's Y2K remediation costs.(130)

F. Y2K STATE AND LOCAL GAP (GOVERNMENT ASSISTANCE PROGRAMS) ACT OF 1999

[59]On January 19, 1999, Senator Daniel P. Moynihan (D-NY) introduced S. 174, entitled the "Y2K State and Local GAP Act of 1999 ("GAP")."(131) GAP provides financial assistance for combating the Y2K problem by providing funding to states that need to correct Y2K problems in state and local government programs.(132) Covered programs include TANF, MEDICAID, the food stamp program, WIC, child support enforcement programs, child welfare, and child care programs.(133) Funding will come from the $40,000,000 of the Y2K Emergency Supplemental Funds, which Congress appropriated to carry out GAP during the fiscal years of 1999 to 2001.(134) GAP allows each state to qualify for two grants.(135)

[60]Although there have been several other bills introduced into the House of Representatives and the Senate in 1999, the above legislation outlines most of the important issues that deal with helping governments, businesses, and individuals prepare for the year 2000, and avoid litigation for Y2K problems. In addition, many state legislatures have passed their own Y2K laws. Overall, the main goals of the new laws and pending legislation are limiting Y2K liability and damages and defining duty in Y2K situations as reasonable care under the circumstances presented by Y2K. Of course, Congress is also interested in providing uniform judicial procedures and financial assistance to those who could not otherwise afford Y2K remediation efforts. Regardless of which laws are passed and which are rejected, the proposed and recently passed legislation should assist organizations in preparing for the important issues that may lie ahead.

V. THE "SELF-HELP" RESPONSE

[61]After reviewing pending Y2K cases and Y2K legislation, only one thing is certain: the outcome of the Y2K problem is unknown. However, there are many ways for governments, businesses, and individuals to independently prepare for Y2K problems. Although little to no law is on point concerning Y2K problems, the pending case law and legislation should be used as a guide for assessing the important Y2K issues. It is essential to plan and prepare to meet those issues adequately. Y2K planning is complex and varies greatly from one organization to the next. Accordingly, this section only highlights and briefly discusses the key issues involved in effectively preparing for the year 2000.

[62]The first step in Y2K planning is acknowledging the problem and its scope. Virtually every government and business is dependent upon technology for the manufacture and delivery of goods or services. Similarly, almost all of those businesses are also dependent upon other vendors or suppliers that also depend on information technology. Because every commercial relationship will involve potential Y2K problems, every organization has the possibility of becoming a plaintiff or a defendant in a Y2K conflict. Accordingly, each side of the coin must be kept in mind when preparing for Y2K issues.

[63]Each organization will have varying circumstances that may be relevant to future Y2K problems, and there are several important questions to ask at the outset. For example:

How dependent is the organization on computers and technology?
How complex are the systems involved?
How old are the systems and license agreements related to them? (This may affect statute of limitations.)
How dependent is the organization on other vendors and suppliers who may also have Y2K problems?
Who are those other vendors?
What will happen if supply is interrupted?
Are there other options (i.e. other suppliers) to turn to?
Are any of the suppliers overseas?
What is the Y2K remediation status of each of the vendors and suppliers?
Is the organization subject to federal or state regulation agencies that have addressed Y2K issues, such as the SEC?
Does the organization transact business internationally?

[64]If the organization appears to have serious Y2K risks after answering these questions, careful planning and documentation of remediation efforts is necessary. However, this process requires more than technical analysis. Organizations must resolve both management and legal issues.

[65]On the management end of the spectrum, the organization must engage in strategic planning. This involves risk assessment and the development of Y2K plans and policies. After risks are assessed, the organization should prioritize each risk factor so that the most important systems are fixed first. Next, the organization should formulate contingency plans for each assessed risk in case the system still fails.

[66]The goals of Y2K legal planning should be: 1) to show adequate policies are in place; 2) to prove that processes and choices in Y2K remediation were reasonable; 3) to show senior management met their fiduciary duties; and 4) to minimize loss caused by Y2K failures. This planning should include legal counsel to make certain that planning is adequate. Additionally, the presence of a lawyer may serve as future protection in the courtroom because of the attorney-client privilege.

[67]During the Y2K planning process, communications with persons within the organization, with businesses and suppliers the organization relies on, and with the organization's customers and end users are essential. The organization must also prioritize communications using the risk assessment. Relevant written communications may become very useful in the future for proving the organization's reasonableness and due diligence. If nothing else, the communications will provide information to everyone involved, and will strengthen relationships at the same time.

[68]Adequate documentation is also essential. Documentation is necessary for three reasons. First, it forces the organization to review the Y2K remediation process. Second, it preserves valuable knowledge. If an employee leaves with Y2K information (such as information regarding the extent of technical remediation in certain programs), much valuable ground may be lost in the remediation process. Finally, adequate documentation will serve as future protection from litigation. Every step management takes to minimize Y2K losses should be put in writing, and all documentation should be stamped with the words "Year 2000 Readiness Disclosure." That way, even if the Y2K assessments turn out to be inaccurate, plaintiffs may not be able to use the assessments against the organization later because the documents were made in good faith.(136)

[69]In the same vein, most organizations will receive documentation and readiness questionnaires from other companies. These questionnaires should not be ignored. They are great opportunities to show the reasonable actions being taken and due diligence on the part of the officers. Similarly, if the organization sends out a Y2K questionnaire, the organization should not allow it to go unanswered. Neglecting the questionnaires indicates a lack of diligent preparation. It is essential to always keep in mind the potential depth of the Y2K problem when preparing for it.

[70]Reviewing existing contracts is another essential part of Y2K planning. It is necessary to go through all existing contracts to find any warranties that may cover Y2K problems. "Acts of God" in force majeure clauses will not give rise to Y2K liability on the promising party, but "acts beyond the control of the corporation" may give rise to liability because arguably, remediating the Y2K problem is within the control of the company. If there are warranties that may cover Y2K failures, companies should determine exactly what Y2K issues would be covered.(137) Parties providing warranties for Y2K problems in contracts may want to terminate the contract or fail to renew it. Parties that wish to have such warranties added to existing contracts may threaten to terminate the contract and go elsewhere if such a warranty is not provided. Similarly, when entering into new contracts, it is essential to keep Y2K problems in mind and carefully negotiate the contracts accordingly.

[71]Insurance policies must also be carefully reviewed. Current policy terms might cover third party costs for Y2K remediation and liability. Also, entities should review insurance renewals carefully and watch for specific Y2K exclusions.

[72]Before beginning technological remediation of systems, management should discuss potential copyright issues that may be involved if an outside party is completing the repairs. Just because the organization has a license to use software does not mean they have a license to modify it. If necessary, organizations may have to obtain permission from software licensors to repair the system.

[73]On the technological end of the spectrum, remediation involves several different issues. First, organizations should fix each system according to its priority ranking in the risk assessment. Second, once the work begins, the organization should document each step taken. As each step is completed, the organization should thoroughly test the technology to ensure Y2K compliance. Usability, portability, reliability, and compatibility should all be important criteria in testing.(138)

[74]Third, the organization must keep resynchronization in mind when remediating the technology. Often, fixing Y2K problems can take years. During that time, organizations frequently update and upgrade their systems. The organization must fix those upgrades along with the main systems, or the corrected system will not work the same as the current systems. Similarly, remediated systems must be compatible with all other working systems or they will fail. Finally, the organization should implement and re-test the systems.

[75]The bottom line is that every government, business, and individual at risk for Y2K failures must do something to stay out of the courtroom. If no action is taken, courts are likely to find gross negligence and flagrant disregard for Y2K responsibilities. With adequate planning, on the other hand, the courtroom may be avoided altogether.

VI. CONCLUSION

[76]Y2K problems will occur, and they could affect anyone, in limitless ways. Perhaps the effects will only create a few headaches. Perhaps they could create the next Great Depression. No one knows. In the meantime, it is essential for every government, business, and individual to prepare for the year 2000, with the primary goal of mitigating potential Y2K effects. To date, Congress, business organizations, regulatory agencies, and pending litigation have defined a variety of important issues that encompass the Y2K problem. Every government, business, and individual should use those issues to guide preparation and planning for the effects of the new millennium.

ENDNOTES

1. President's Address Before a Joint Session of the Congress on the State of the Union, 35 Weekly Comp. Pres. Doc. 78, 85 (Jan. 25, 1999).

2. For example, July 29, 1973 has been programmed as 730729 instead of 19730729.

3. Computer "bugs" are programming errors. The two digit abbreviations that have given rise to the Y2K Problem were intentionally used by early programmers. What is a Computer Bug? (visited Mar. 8, 1999) <http://www.southam.com/nmc/guide/computips/bug.html>.

4. See The United States Senate Special Committee on the Year 2000 Technology Problem, 105th Cong., Investigating the Impact of the Year 2000 Problem, S. Prt. 106-10 (Feb. 24, 1999), at 7 [hereinafter Senate Report]. The Committee report states that computer memory in the 1960s cost approximately $1 per byte. In comparison, today memory costs approximately $1 per million bytes. This illustrates the extreme costs of computer memory and space in the 1960s and justifies why programmers cut corners to save space. See id. at 9.

5. See id. at 10.

6. See id.

7. See id.

8. Id.

9. Id.

10. The Y2K Problem poses a substantial threat throughout the world. Unfortunately, many countries are nowhere near as knowledgeable or prepared for Y2K issues as the United States.. Because the international issues relevant to the Y2K are very broad and complex, the scope of this article will be limited to the Y2K efforts made within the United States.

11. See Senate Report, supra note 4, at 3-4. Hospitals and medical facilities are among the greatest industries at risk for Y2K problems. According to the Gartner Group, a leading computer industry analyst, 64% of hospitals have no intention of testing and implementing Y2K remediation efforts, and 90% of physicians' offices are completely unaware of their Y2K risks. Id. at 4.

12. See id at 10. For example, a Michigan grocery store began experiencing Y2K failures in 1997, when its computerized cash register could not process credit cards with expiration dates in 2000 and 2001. Incidentally, this failure gave rise to the first Y2K lawsuit filed. See Produce Palace Int'l v. Tec-America Corp., No. 97-3330-CK (Mich. Cir. Ct. Macomb County, settled Sept. 9, 1998).

13. See Senate Report, supra note 4, at 10 (citing testimony of Dr. Judith List, July 31, 1998).

14. See id.

15. See id.

16. See id.

17. See The Year 2000 Project, Critical Dates (visited October 20, 1999) <http://www.sdhc.k12.fl.us/~year2000/critical.htm>.

18. See id.

19. See Senate Report, supra note 4, at 3-4.

20. See id.

21. See id.

22. For example, Chase Manhattan Bank must check 200 million lines of code, 70,000 desktop computers, and 1,000 software packages from 600 separate software vendors. See President's Remarks on the Year 2000 Conversion Computer Problem (Jul. 14, 1998) in 34 Weekly Comp. Pres. Doc. 1376, 1378, Jul. 20, 1998 (reprinted at the Office of the Press Secretary (visited Nov. 1, 1999) <http://www.whitehouse.gov/WH/New/html/19980714-5571.html) [hereinafter President's Remarks].

23. Short cuts are techniques used to teach the program how to respond to date codes. For example, "windowing" would tell the computer that numbers less than 50 represent the year 2000, while numbers over 50 relate to the year 1900. Thus, when the computer reads a date code of Jan. 1, 2000, it will not fail. However, these short cuts are only temporary fixes and leave the potential for future failures. Below are several other "Y2K Solutions."

Date-date expansion : Convert all two-digit dates to four-digit dates in the data files.
Software-date expansions: Handle the date expansion requirements in the software doing the calculation.
Compliant commercial software: Purchase Y2K compliant software.
Binary date encoding: Modify the software to represent dates at the bit level. Two bytes, or 16 bits, can account for over 65,000 years.
Database duplication: Develop two- and four-digit versions of databases to work with compliant and non-compliant software.
Redevelop software: Redesign the software so it is compliant.
Year interception: Catch all date calculations and replace erroneous results with correct ones.
Windowing: Choose an appropriate year, such as 1950, and process all years between 50 and 99 as 20th century dates, and all years between 00 and 49 as 21st century dates.
Year Shifting: Use the 28-year cycle of the calendar and shift dates until all dates that need to be processed are in the same century. This short cut is also known as "encapsulation."
Manual: Reinstitute non-automated processes (i.e. get a pen and piece of paper).

The figure below represents the average length of implementation for each solution in comparison to the reliability of each solution.

See Senate Report, supra note 4, at 163 (citing Edmund X. DeJesus, Year 2000 Survival Guide, BYTE MAG., July 1988, at 53).

24. Id.

25. See President's Remarks, supra note 22, at 1378.

26. See generally Senate Report, supra note 4, at 11.

27. See generally Andrew Rigby, Y2K Review Of Legal Issues Involving Embedded Systems (visited Sept. 24, 1999) <http://www.tarlo-lyons.com/depts/it/y2kemb.html>.

28. See id.

29. See id.

30. See Senate Report, supra note 4, at 10.

31. See id (citing Steve Prentice, Year 2000 - The Enemy Within the Network, Address before GSA Conference (Nov., 1998)).

32. See Senate Report, supra note 4, at 3-4.

33. See id. Citicorp, General Motors, Credit Suisse Group, Bank America, Chase Manhattan and J.P. Morgan have estimated Y2K costs at over $2.4 billion dollars collectively. Alone, Merrill Lynch has estimates Y2K expenditures up to $560 million.

34. Produce Palace Int'l v. Tec-America Corp., No. 97-3330-CK (Mich. Cir. Ct. Macomb County, settled Sept. 9, 1998), was the first Y2K lawsuit. It was not a class action, and it was one of the only Y2K cases that alleged actual harm. The plaintiff sued Tec-America because its credit card processing system crashed every time a credit card was processed that had an expiration date on or after January 1, 2000. Many other Y2K cases have developed since. See, e.g., Michelle L. Mears, Lisa J. Smith, Plaintiffs Bite Back at Y2K Bug; Y2K Effects Will Be Pervasive and Will Give Rise to a Wide Range of Litigation, Texas Lawyer, Feb. 8, 1999, at 22; Rebecca Mowbray, Problem Already Creating Virtual New Wave of Litigation, The Houston Chronicle, Jan. 1, 1999, at 5.

For detailed summaries of Y2K cases and links to the actual complaints that were filed in each, see, e.g., Hancock, Rothert & Bunshoft, LLP, Litigation (visited Nov. 4, 1999) <http://www.2000law.com/Year2000.asp>; Information Technology Association of America, Next Millennium Consulting: Litigation Tables (visited Mar.10, 1999) <http://www.consult2000.com/litigati2.htm>; Weikers and Co., Pending Y2K Cases (visited Nov. 4, 1999) <http://www.softwarelitigation.com/y2k.htm>.

35. See, e.g., Capellan v. Symantec Corp., No. CV772484 (Cal. Sup. Ct., Santa Clara County, filed Feb. 19, 1998, partially dismissed Mar. 23, 1999) (demanding Symantec Corp release a free upgrade that is year 2000 compliant of Norton Anti-Virus software); Cameron v. Symantec Corp., No. CV72482 (Cal. Sup. Ct., Santa Clara County, filed Mar. 4, 1998) (same); Peerless Wall & Window Coverings, Inc. v. Synchronics, Inc., No. 981084 (W.D. Pa., filed June 24, 1998) (demanding upgrade of non-compliant hardware and software).

36. See Mowbray, supra note 34, at 5. See also Peter J. Whalen and Alan A. Anderson, Year 2000 Diligence from the Corner Office, ANDREWS YEAR 2000 LAW BULL. (June 1998) (visited Oct. 28, 1999) <http://www.2000law.com/my_html/diligence.html> for a discussion on shareholder lawsuits and the business judgment rule as a possible shield against liability.

37. See Ehlert v. Singer, No. 8:98cv02168 (M.D. Fla., filed Oct. 23, 1998).

38. Id.

39. Id.

40. Plaintiffs are basing their claims on many other theories. In fact, most causes of action combine several different theories. For detailed summaries of Y2K cases and links to the actual complaints that were filed in each, see, e.g., Hancock, Rothert & Bunshoft, supra note 34; Information Technology Association of America, supra note 34; Weikers and Co., supra note 34.

41. As noted above, the Y2K problem stems from intentional design decisions made by early computer programmers to use two digit date fields rather than four digit date fields in the interest of preserving valuable space and speed. Thus, even though plaintiffs may base their claims on the idea that the Y2K problem is a "defective design," courts may very well find that the Y2K problem is merely an obsolete design. This would mean that manufacturers would have no responsibility to remedy the "problem." An analogy can be made to a 1957 Chevy. Those automobiles do not have the advanced safety systems that are necessary for today's standards. Today, a car lover may still purchase and operate a 1957 Chevy. However, that does not mean the car lover could sue GMC for defective design because the 1957 Chevy doesn't have airbags or anti-lock breaks.

42. See Senate Report, supra note 4, at 10. (discussing knowledge of managers and programmers)

43. See, e.g., Glusker v. Medical Manager Corp., No CV775812 (Cal. Sup. Ct., Santa Clara County) (settled Dec. 17, 1998); College v. Medical Manager Corp., No. 986401-J (Fla. Cir. Ct., Hillsborough County) (settled Dec. 16, 1998); Courtney v. Medical Manager Corp., No. ATL-L-2031-98 (N.J. Sup. Ct., Atlantic County) (settled Dec. 16, 1998); Atlaz Int'l, Ltd. v. Software Business Technologies, Inc.,No. 172539 (N.Y. Sup. Ct., New York County) (settled Oct. 14, 1998).

44. See e.g., Glusker, No CV775812 (Cal. Sup. Ct., Santa Clara County) (as part of settlement, software licensees may receive a free, compliant product, or a free, compliant module or share in the settlement fees); College, No. 986401-J (Fla. Cir. Ct., Hillsborough County) (same); Courtney, No. ATL-L-2031-98 (NJ Sup. Ct., Atlantic County) (same); Atlaz, No. 172539 (NY Sup. Ct., New York County) (as part of settlement, software licensees may receive a free "Century Date Kit," which will enable users to make their software complaint. Owners of early software versions will receive discounts on upgrades.)

45. See, e.g., Capellan v. Symantec Corp., No. CV772484 (Cal. Sup. Ct., Santa Clara County); Cameron v. Symantec Corp.No. CV72482 (Cal. Sup. Ct., Santa Clara County); Chilelli v. Intuit, Inc., No. 402582/98 (N.Y. Sup. Ct., Nassau County) (dismissed Dec. 1, 1998).

46. See generally Statement of the Commission Regarding Disclosure of Year 2000 Issues and Consequences By Public Companies, Investment Advisors, Investment Companies, and Municipal Securities Issuers, Securities and Exchange Commission, 17 C.F.R. pts. 231, 241, 271, 276 (July 1998) (Release Nos. 33-7558; 34-40277; IA-1738; IC-23366; International Series Release No. 1149), 63 FED. REG. 41394 (Aug. 4, 1998) [hereinafter SEC Statement Regarding Year 2000 Issues].

This section focuses primarily on the SEC regulations directed toward public corporations. However, the SEC regulates disclosure by municipal securities, investment advisors and investment companies because they play such a key role in the financial markets as well. See id. The SEC has very detailed guidelines for investment companies and advisors, which are very similar to those required for public companies. See generally id.

However, the SEC's control of municipal securities is limited to anti-fraud regulation because they are generally covered by statute and not by the federal securities laws. See id. at IC.

Although the protection is limited, it is important because state and local governments have over $1.3 trillion dollars invested in municipal securities. See SEC Staff Report on the Municipal Securities Market (The Division of Market Regulation) 1 (Sept.1993); THE BOND BUYER SECURITIES DATA COMPANY 1998 YEARBOOK 64 (1998).

47. The SEC has established a specific regulatory framework with two primary goals. See generally SEC Statement Regarding Year 2000 Issues, supra note 46. First, the SEC provides guidance to public companies and investment organizations, so they can determine whether they have Y2K issues that must be addressed and disclosed. See id. This guidance should help companies confront Y2K issues and disclose Y2K readiness. Additionally, disclosure may act as evidence of good faith and due diligence later if problems should occur. Second, the SEC guidelines allow investors to receive full and fair disclosure of corporate efforts relating to the Y2K Problem so investors can make informed investment decisions. See id.

The SEC set up a regulatory framework whereby public corporations must disclose Y2K readiness if the corporation's Y2K assessment is not complete, or if the corporation's management determines that Y2K consequences will have a material effect on the business, regardless of the company's efforts to avoid Y2K consequences. See id. Because most companies fall into one or both of the above categories, most public companies are required to give full and fair Y2K disclosure. See id. This disclosure includes the company's state of readiness, the costs to address the company's Y2K issues, the company's risks related to Y2K, and the company's contingency plans. Disclosures should be reasonably specific and may be tailored to each company's circumstances. All disclosures should be made in the Management's Discussion and Analysis of Financial Conditions and Results of Operations (MD&A) section with other known trends or uncertainties that are likely to have a material impact on the company's business. See id.

48. See The United States Securities and Exchange Commission (last modified Aug. 5, 1999) <http://www.sec.gov>. The site provides a searchable database of current Y2K filings, news bulletins, legislative information, and investor information.

49. See The United States Securities and Exchange Commission, Two Brokerage Firms Censured, Ordered to Cease and Desist and Fined For Failing to Make Timely Year 2000-Related Disclosure, Rel. 34-40948; File No. 3-9759 (visited Mar. 9, 1999) <http://www.sec.gov/news/digests/01-15.txt>. The order stemmed from the investment companies' failure to file Form BD-Y2K. Allegheny Financial Programs, Inc. is based in Weston, West Virginia and Atlantic-Pacific Capital, Inc. is in Greenwich, Connecticut. The two firms were each charged $5000, and estopped from committing future violations, as part of a settlement agreement. Neither firm admitted or denied any wrongdoing.

50. See Two Brokerages Fined By SEC in Y2K Actions, Bytes in Brief, (visited Mar. 5, 1999) <http://www.senseient.com/news02_1999.htm>.

51. See id.

52. See id.

53. The NASD's membership includes virtually every broker/dealer in the nation that does a securities business with the public. Currently, this totals more than 5,500 securities firms with more than 62,000 branch offices. Information on NASD membership and its benefits can be found at NASD Members (visited Nov. 4, 1999) <http://www.nasd.com/>.

54. See The National Association of Securities Dealers, Inc. (visited Mar. 12, 1999) <http://www.nasd.com/>; NASD Memorandum to All International NASD Member Firms, (last modified Feb. 17, 1999) <http://www.nasdr.com/2610_1998.asp>.

55. See CPR Institute for Dispute Resolution (last modified Aug. 4, 1999) <http://www.cpradr.org/>.

56. See CPR Institute for Dispute Resolution, Resolving Year 2000 Business Disputes (visited Mar. 10, 1999) <http://www.cpradr.org/Y2Kinformationpage.htm>.

57. See CPR Institute for Dispute Resolution, Press Release Dated November 30, 1998: Twelve Major Multi-National Corporations Commit to Alternative Dispute Resolution ("ADR") to Resolve Year 2000 Disputes (visited Nov. 4, 1999) <http://www.cpradr.org/NovemberY2KPress.htm>.

58. See id.

59. See CPR Institute for Dispute Resolution, Signatories to Date (visited Mar. 10, 1999) <http://www.cpradr.org/Signatories.html>.

60. See National Institute of Standards and Technology, NIST Y2K Web Site (last modified Oct. 29, 1999) <http://www.nist.gov/y2k/>. The NIST is an agency of the United States Department of Commerce's Technology Administration.

61. See id. The NIST works with the Information Technology Laboratory ("ITL") to provide accurate Y2K information and current information technology standards and testing. See id. Information about ITL can be found at NIST, Information Technology Laboratory (last modified June 23, 1999) <http://www.itl.nist.gov/>. NIST also works with the Manufacturing Extension Partnership ("MEP") to provide Y2K training programs and Y2K project start-up information. Information about the MEP can be found at NIST, Manufacturing Extension Partnership (visited Nov. 4, 1999) <http://www.mep.nist.gov>.

62. See generally National Institute of Standards and Technology, NIST Y2K Web Site (last modified Oct. 29, 1999) <http://www.nist.gov/y2k/>.

63. See generally The U.S. Small Business Administration, Small Business Help for the Year 2000 (last modified Oct. 4, 1999) <http://www.sba.gov/y2k>

64. See generally id.

65. See generally id.

66. See generally id.

67. Examples of other organizations offering Y2K guidance include, but are not limited to:

The Emerging Issues Task Force ("EITF") of the Financial Accounting Standards Board ("FASB") offers accounting guidance for year 2000 remediation costs, See Accounting for the Costs Associated with Modifying Computer Software for the Year 2000, FASB ACTION ALERT Issue No. 96-14 (Apr. 2, 1996).

The Internal Revenue Service ("IRS") has attempted to clarify tax treatment for Y2K costs. See Internal Revenue Service, REV. PROC. 97-50 (Oct. 21, 1997).

68. See Senate Report, supra note 4, at 10. The Committee has enumerated eight key areas to deal with in the Year 2000 problem. They are: 1) Utilities; 2) Health Care; 3) Telecommunications; 4) Transportation; 5) Financial Services; 6) General Government; 7) General Business; and 8) Litigation. Senator Robert F. Bennett, Chairman of the U.S. Senate Special Committee on the Year 2000 Technology Problem, stated:

"Litigation is listed last because it will come last chronologically, but probably should be listed first in terms of its financial impact if we do not get the other seven solved. The lawsuits that will be filed will be enormous. Estimates before my subcommittee of the Banking Committee indicate the total litigation bill could run as high as $1 trillion, one-seventh the size of the total economy that will change hands as people sue each other over the problems created by Y2K. We have to make sure we solve the other seven areas so that number eight doesn't hit us and destroy us." Id.

69. See Year 2000 Information and Readiness Disclosure Act of 1998, Pub. L. No. 105-271, 112 Stat. 2386 at § § 2(a)(1)(A) and (a)(2)(B).

70. See, e.g., Businesses Undergoing the Glitch (BUG) Act of 1999, H.R. 179, 106th Cong. (introduced by Representative Karen L. Thurman (D-FL) on January 6, 1999); Y2K Act of 1999, S. 96, 106th Cong. (introduced by Senator John McCain (R-AZ) on January 19, 1999); Year 2000 Readiness and Responsibility Act of 1999, H.R. 775, 106th Cong. (introduced by Representative Thomas M. Davis (R-VA) on Feb. 23, 1999); Year 2000 Fairness and Responsibility Act of 1999, S. 461, 106th Cong. (introduced by Senator Orrin G. Hatch (R-UT) on February 24, 1999); Y2K State and Local GAP (Government Assistance Programs) Act of 1999, S. 174, 106th Cong. (introduced by Senator Daniel Patrick Moynihan (D-NY) on January 19, 1999).

71. See Year 2000 Information and Readiness Disclosure Act of 1998, Pub. L. No. 105-271, 112 Stat. 2386.

72. See generally id.

73. See id.

74. See id. at § 2(b)(1).

75. See generally id. at § 5.

76. See generally Year 2000 Information and Readiness Disclosure Act of 1998, Pub. L. No. 105-271, 112 Stat. 2386.

77. See id. at § 4. The Act differentiates between written Y2K readiness statements and oral Y2K readiness statements. The written statements are referred to as "Year 2000 readiness disclosures" and are afforded more protection that their oral counterparts, referred to as "Year 2000 statements."

Y2K readiness statements are generally inadmissible in court unless used to serve as a basis for an anticipatory breach of contract or repudiation of contract claim, or if the plaintiff can show fraud or bad faith. See id. The Act provides that when a cause of action is based on false or misleading Y2K readiness statements, the statement is not admissible against its maker to prove the truth of the statement unless:

(1)the statement is used as the basis for an anticipatory breach of contract claim, repudiation of a contract claim, or similar claim; or
(2)the court finds the statement was made in bad faith or was fraudulent; or
(3)the plaintiff shows by clear and convincing evidence that the statement was:
i)material; and
ii)the maker had actual knowledge that the statement was false, inaccurate or misleading; had the intent to mislead; or the statement was made with reckless disregard as to the truth or falsity of the statement.

78. See id. at § 4(e)

79. See id. at § 5.

80. See id. at § 2(b)(2).

81. See generally id. During the July 14, 1998 speech at the National Academy of Sciences about the pending Y2K crisis, President Clinton emphasized that "businesses should exchange and pool information among themselves. It makes no sense for every firm to reinvent the digital wheel." See President's Remarks, supra note 22.

82. See Year 2000 Information and Readiness Disclosure Act, Pub. L. No. 105-271, 112 Stat. 2386 § 2(b).

83. See id. at § 4. The Act preempts state laws that might have been applicable in defamation, trade disparagement, and antitrust claims.

84. See id. at § 7(3)(B).

85. See id. at § 7(b). Written Y2K readiness disclosures made between January 1, 1996 and October 19, 1998 may fall within the protections of the Act only if:

1) At the time the statement was made, if:

the Y2K statement was clearly identified on its face as a year 2000 readiness disclosure; and
was inscribed or stored in a tangible or electronic medium and was retrievable in a perceivable form; and
was issued or published with the approval of the person or organization that was offering the products, services, etc.

2) Within 45 days of October 19, 1998, the person or organization seeking protection of the statement by this act:

provided actual notice to all recipients of the applicable Y2K statement that the statement constitutes a year 2000 readiness disclosure; or
prominently posts notice on a commercial web site.

86. See id. at § 7(a)(3)(A).

87. See id. at § § 3(11)(B) and 6(b)(2).

88. See Y2K Act, Pub. L. No. 106-37, 113 Stat. 185.

89. See Y2K Act, 15 U.S.C. § 6603(a) (1999).

90. See id. § § 6603(b), (c), and (d).

91. See id. § 6606.

92. See id. § 6606(a)

93. See id.

94. See id. § 6606(c).

95. See id. § 6606(d).

96. See id. v6606(e)(1).

97. See generally id. § 6601.

98. See id. § 6605.

99. See id. § 6605(c).

100. See id. § 6605(d)(1).

101. See id. § 6605(e)(1).

102. See id. § 6605(e)(2).

103. See id. § 6604(b)(2)(A).

104. See id. § 6604(b)(2)(B).

105. See id. § 6604(a).

106. See id. § 6604(b)(1).

107. See id. § § 6604(b)(3) and (c).

108. See id. § 6614(a).

109. See id. § 6602(4).

110. See id.

111. See id. § 6614.

112. See id. § 6614(c).

113. See id. § 6608.

114. See id.

115. See id. § 6603(g)(2)(B).

116. 116 See id. § 6603(g)(2)(B)(ii).

117. See id. § 6603(g)(5).

118. See Year 2000 Fairness and Responsibility Act of 1999, S. 461, 106th Cong. A few of the its provisions include:

a pre-litigation procedure whereby plaintiffs must notify defendants of Y2K problems and give the defendant the opportunity to cure before filing a lawsuit;
provides that a defendant's liability will be limited to its percentage of the fault in causing the harm;
specifically encourages parties to look into alternative dispute resolution during the 90-day "problem solving period;"
caps damages;
applies a duty to mitigate on plaintiffs who incur damages.

119. See id.

120. See Prepared Testimony of Senator Orrin G. Hatch Before the Senate Special Committee on the Year 2000 Technology Problem, FED. NEWS SERV. (Mar. 11, 1999).

121. See id.

122. See Year 2000 Readiness and Responsibility Act of 1999, H.R. 775, 106th Cong.

123. See Year 2000 Consumer Protection Plan Act of 1999, H.R. 192, 106th Cong.

124. See id.

125. See id. § 3(b).

126. See id. § 3(c).

127. See id. § 3(d).

128. See Businesses Undergoing the Glitch (BUG) Act of 1999, H.R. 179, 106th Cong.

129. See id. § 2(a).

130. See id. § 2(b)(1).

131. See generally Y2K State and Local GAP (Government Assistance Programs) Act of 1999, S. 174, 106th Cong.

132. See generally id.

133. See id. § 2(1).

134. See id. § 3(g).

135. See id. § 3(2).

136. If the statement qualifies as a disclosure under the Year 2000 Information and Readiness Disclosure Act, the statements will be inadmissible in court against the defendant, even if incorrect, unless the plaintiff can prove the statement was fraudulent or made in bad faith. See Year 2000 Information and Readiness Disclosure Act of 1998, Pub. L. No. 105-271, 112 Stat. 2386 at § 4.

137. For example, the warranty may guarantee that a system will be Y2K compliant, but it may not guarantee that it will be compatible with other programs. In other words, does the Y2K warranty guarantee that it is compliant AND that it will work properly?

138. The Small Business Administration has enumerated several suggested steps that should be taken in testing programs for Y2K compliance:

Suggested Testing Criteria

The following list is not all-inclusive. You should add others based on your business's needs and ignore those that are not appropriate.

Test the changed system with dates before the year 2000 to insure that it is working properly
Test that the changed system rolls over from 12/31/1999 to 1/1/2000 properly
Validate the first business day of the year 2000 (1/1/2000, 1/2/2000 or 1/3/2000 depending on your business needs)
Validate that the system operates correctly at end-of-month (1/31/2000 and will roll over to 2/1/2000 properly. [sic]
Test that the system rolls over from 2/28/2000 to 2/29/2000 properly, operates correctly on 2/29/2000, then rolls over and operates properly on 3/1/2000.
Test 3/31/2000 and 4/1/2000 to show that end-of-quarter processing operates correctly
Test 1/7/2000 and 1/10/2000 to insure [sic] that the system operates correctly on the first Friday of the new century, and on the Monday after the first Friday.
Validate year display fields, including data entry
Validate the year in reports
Test that the system sorts in correct order, validate all sort processing
Validate correct calculation of dates
Validate the correct acceptance of dates from the operating systems
Validate calculated resultant values from dates
Test that ages are calculated correctly
Validate interest and other time-based financial calculations
Test expiration date processing
Test historical decision analysis
Validate time reporting processing
Test workflow/materials requisition and inventory processing
Verify that billing calculations are correct
Validate cycle processing, including day-of-week and/or first business day of the month
Verify that the system forecasts correctly
Test forward processing - process dates after the year 2000 (2001, 2002, &c.)
Validate backward processing - process dates prior to 2000
Verify historical or archival date processing
Validate that the system purges the correct records
Validate date and data error handling routines
Validate date expansion, if used, both within the application and between interfacing applications.
Validate windowing, if used, both within the system and between interfacing systems
Validate proper handling of special values in dates - 99/99/9999, 88/88/8888, 00/00/000
Validate that the system works with the date 1/1/1999 - first date with "99" in the year field
Validate that there are 366 days in the year 2000, and 365 days in the year 2001.
Validate that 9/9/99 (September 9th, 1999) is handled properly.

Some additional dates that may impact businesses.

1. 7/1/1999 - 46 out of 50 states start their Fiscal Year 2000
2. 10/1/1999 - start of Federal Government's Fiscal Year 2000
3. 2/15/2000 - W2 due
4. 4/15/2000 - Tax day
5. 4/30/2000 - first month ending on a weekend
6. 5/1/2000 - tax withholding report due, unemployment tax due
7. 9/30/2000 - Federal Government's end of fiscal year 2000
8. 10/10/2000 - first '6-digit' date for systems storing date as MDDYY
9. 12/31/2000 (Sunday) - first year end - check that year contains 366 days
10. 1/1/2001 - test that the system has been instructed to roll over to 2001
11. 2/29/2001 - invalid date
12. 12/31/2001 - second year end - check that year had 365 days

How to check a personal computer for year 2000 readiness

The following steps are suggested to determine if a personal computer will roll over to the year 2000 correctly.

The test presented here requires a bootable DOS floppy diskette. This is a safer method to test your PC's system clock because it leaves the data and programs on your PC's hard disk unaffected. If you boot to your C: drive, you may end up loading Windows® or Windows® 95 and other applications from your startup routine. Using a bootable diskette will ensure the integrity of the data and programs on your PC's hard disks. The test script presented here will check your PC's ability to transition to the year 2000 and recognize it as a leap year. Do not perform the tests by changing your system's BIOS Setup screen.

Create a bootable test diskette.

              - Insert a blank floppy diskette into the PC's A: drive.
              - From a DOS prompt, type FORMAT A: /S.
              - Or from Windows File Manager, click on DISK/FORMAT and check MAKE SYSTEM DISK.

With the bootable diskette created in Step 1 still in your PC's floppy drive, shut down your system (close Windows) and the power off your PC. Don't just hit the reset button or warmboot (CTL-ALT-DEL).
Turn the power on your PC, and allow the PC to boot from the diskette.
After bootup, DOS automatically shows the current date. Make sure that the correct date is displayed. Otherwise, you may have to set the correct date on your PC's BIOS.
At the Enter new date (mm-dd-yy) prompt, type 12-31-1999. After changing the date, the current time will be displayed. At the Enter new time: prompt, type 23:55:00.
Turn the power off on your PC and wait at least 10 minutes. If you don't, DOS will appear to transition correctly to the year 2000. However, once you reboot the PC, it will display the incorrect date if your system's RTC has the flaw described above.
Turn the power back on and wait for the boot process to complete. Type in Date at the ready prompt. If Sat 01-01-2000 is displayed, your PC's BIOS passes the test.
At the Enter new date (mm-dd-yy): prompt, type 02-28-2000. This will test your system's ability to recognize the year 2000 as a leap year. After changing the date, the current time will be displayed.
At the Enter new time: prompt, type 23:55:00.
Power off your PC again and wait at least 10 minutes. Turn the power on the PC. Type in Date at the Ready prompt. If Tue 02-29-2000 is displayed, your PC's BIOS passes the leap year test.
To conclude testing, at the Enter new date (mm-dd-yy): prompt, enter the correct date, e.g., 07-04-1997.
After changing the date, the current time will be displayed. At the Enter new time: prompt, type correct time, e.g., 06:00:00.
Remove the bootable diskette from the floppy and power off your PC.

U.S. Small Business Administration, Y2K Self-Assessment and Checklists for Small Business (visited Mar. 14, 1999) <http://www.sba.gov/y2k/indexcheck.html.