By Russ Finney
February 20, 1998
As the year 2000 approaches, the legal profession is preparing for a financial windfall. They are correctly sensing the fact that many company's computer systems will not be prepared for the coming date change. They know that because of the inevitable business disruptions, revenue loss, and associated liabilities, many significant lawsuits will be filed by injured parties.
As an IT professional, you must insure that both you and your company are out of harms way. This feature will examine the legal considerations of the Year 2000 issue. It will review why recent SEC and AICPA actions are making Year 2000 legal liabilities a real possibility for non-compliance companies. It will also present strategies for you and your company to use to reduce your Year 2000 legal exposure.
The opinions expressed in this feature are my own. I am not an attorney. Any unique facts, circumstances, or situations at your company should be reviewed by appropriate legal counsel. I am posting this feature for general IT professional awareness of these concerns.
Requirements for Public Companies
The Securities and Exchange Commission (SEC) is now requiring US public companies to disclose Year 2000 problems in the "Management's Discussion and Analysis" section of the annual report to the shareholders. This rule is documented in the following SEC bulletin:
SEC Staff Legal Bulletin No. 5: Disclosure by Public Companies Regarding the Year 2000 Issue
In addition, the American Institute of Certified Public Accountants (AICPA) has issued an opinion stating that companies which have not performed a formal Year 2000 risk study have no basis for concluding that their business does not have potential Year 2000 problems. Read the AICPA letter here:
AICPA's Letter to the SEC on Year 2000 MD&A Disclosure
Legal Strategy Number 1:
Conduct a formal Year 2000 risk study at your company as soon as possible. Report any Year 2000 problems as required by the SEC Bulletin. This insures that you are meeting both the AICPA and SEC requirements for risk disclosure.
Executive Liabilities
Have the proper executives been notified internally regarding Year 2000 problems? If you are in the Information Technology area, have you documented your concerns and issues? Have these been sent to a high enough level within the company to make certain that the appropriate resources are allocated for a timely resolution?
If you are a director or an officer of a company, have you confirmed that appropriate Year 2000 problem resolution actions are occuring? Future Year 2000 shareholder lawsuits will be based on the internal documentation of the issues, and the subsequent actions or inactions taken by the company.
Legal Strategy Number 2:
Compile a report which contains all correspondence related to Year 2000 risks. Reconcile this report to the formal Year 2000 risk study. Any risks which have not been communicated to the appropriate corporate officers should be documented and reported immediately.
If the company carries Directors and Officers insurance, these policies should be reviewed for applicability to Year 2000 problem decisions. Check to make sure any policy requirements are currently being met by the company.
Software and Hardware Inventory
In a previous feature, Year 2000 Issues, I described a methodology for building a comprehensive list of all applications and the associated Year 2000 issues. The AICPA letter has now made this Inventory list a part of Year 2000 reporting compliance.
Do'nt overlook external systems and applications either. These can be systems connected through electronic data interchange (EDI), email, and private network data transmissions. These outside systems also have the potential to impact the integrity of the company's internal databases. Failing to research these can create a potential liability.
Legal Strategy Number 3:
As a part of the master Year 2000 risk assessment, a complete inventory of all hardware and software applications should be compiled. Each item should show any Year 2000 problems, issues, or risks.
In addition to the internal systems, all external system connections should be evaluated. Outside companies with direct data connections should be requested to provide your company with any known Year 2000 issues, and their respective Year 2000 problem resolution plans. Many companies are doing this through a formal survey.
Contract and Copyright Analysis
All corporate contracts related to hardware and software should be reviewed for Year 2000 support. These include contracts with software and hardware vendors, systems integrators, consultants, and software houses. Each contract should be reviewed to determine the extact level support your company is entitled to from these outside parties.
Copyright and intellectual property issues should be reviewed as well. How much can you legally fix yourself without infringing on a vendor's specific copyright or license restrictions?
Legal Strategy Number 4:
Conduct a legal review of all contracts and licenses related to systems and applications which will require Year 2000 problem resolution. If required, negotiate solutions to any legal issues which may be discovered. Seek legal counsel and take action immediately if a specific situation presents a risk to your company, especially if it impacts outside customers or any other third parties.
Legal Strategy Number 5:
Fix your problems NOW - don't wait until 1999! Good luck with your efforts.
Please share your thoughts and comments regarding this feature. You can do so by posting to our Hot Topics Forum.
Copyright © 1999, Russ Finney, All Rights Reserved. Originally written for The Mining Company.
