David Woolford is a lawyer in the KNOWlaw Group of the Toronto law firm McMillan Binch. This article was written with the assistance of Jennifer MacInnis and Kate Manning.

* * *

When the clock strikes midnight on Dec. 31, 1999, the world will be holding its breath in anticipation of possible computer meltdown.

The problems stem from the fact that much of the software written before or early in this decade uses the last two digits to record a calendar year ­ it assumes the first two digits will always be 19 ­ so the year 2000 will be read as an invalid entry or as the year 1900. These ‘Millennium Bugs,’ as they have become known, mean that countless software programs which use dates won’t produce the correct results. These bugs could affect everything from accounting, budgeting, and human resources programs to equipment containing computer chips.

Believing that Millennium Bugs are things that only systems departments and other technology professionals need to worry about is dangerous thinking. The Millennium Bugs are more than ‘just a computer issue.’ They have far-reaching consequences, not only for software developers, vendors and maintenance providers, but also for companies and their directors and officers who fail to ensure that their systems are millennium friendly or to adequately remedy so-called ‘Y2K’ problems before it is too late.

When to worry

Though the next millennium d’esn’t officially start until Jan. 1, 2001, Y2K problems will start surfacing Jan. 1, 2000, if not sooner. For a lot of older software that is still in use, the digits ’99’ have been used as an ‘error code’ by programmers. This means that in addition to experiencing Millennium Bugs, such older systems will consider 1999 dates as invalid. This means that you will have to fix these systems by Dec. 31, 1998, at the very latest.

Whether the fix date for your computer system is Dec. 31, 1998 or 1999, it’s critical to realize that this is a rock solid deadline. You should take steps quickly to identify and address any Y2K problems your organization may face in the near future, if not already.

Who’s at risk

Directors and officers are legally responsible for managing the affairs of their companies. Those who do not address Y2K problems in their own companies, before the turn of the century, run the risk of personal liability to shareholders and customers for their indifference. Likewise, companies themselves could face liability from their customers and shareholders for losses that result from business interruptions or corrupt data.

Act now

Action now could save many headaches later. Prudent steps that should be taken sooner rather than later include:

– Address the challenges: Do an audit of internal computer systems to determine the extent of the Y2K problems and challenges your organization may face.

– Act as a customer: Examine the outside systems and companies which you rely on and question their management regarding the actions that they are taking to make their own systems Y2K compliant.

– Examine contracts and licences: Many companies have existing maintenance agreements with service providers. D’es yours provide for fixing any foreseen problems, like Y2K ones?

– Examine personnel: Is the knowledge needed internally to fix the problem available? Companies working with specialized or customized software systems may not have the necessary personnel on staff.

– Plan for the cost: Estimates suggest that it will cost more than $600 billion worldwide to fix the innumerable Millennium Bugs. So Y2K expenditures could result in a considerable drop in a company’s net revenue.

– Put someone in charge: Establish a steering committee or appoint a coordinator to direct your organization’s efforts to become Y2K compliant.

– Get outside help: Bringing in outside technology and legal experts to advise the board can be a big help if the directors find themselves defending their actions.

– Create an action plan: As soon as possible, determine what actions are going to be taken to fix Y2K problems ­ then act on them. Also think about contingency plans if the actions taken to correct the problems are not completed on time.

– Protect yourself: Management should create a paper trail of its actions; directors and officers who can show that proper steps were taken to correct the problem will be better off in case of litigation.

Do you have a millennium plan?

While putting a millennium plan into action is a necessity for any company that relies on computer systems, things don’t always go according to plan. So companies should also protect themselves from business interruptions, and, more importantly, from liability, by having contingency plans in place if Y2K problems are not fixed in time, solutions won’t work or unforeseen bugs appear. This is especially true if the business is service-oriented, depends on realtime data, or has old, cumbersome legacy systems that were not expected to make it into the next millennium in the first place. Warning customers of potential problems and identifying crucial areas of concern are key contingency plan items.

Compliance agreements

If your company relies on others for data or other services that might be affected by Y2K problems, you should also consider entering into compliance agreements with these suppliers. A compliance agreement can apportion responsibility for any losses or delays caused by a supplier’s failure to fix its own systems, and can give companies influence over the standards and deadlines that their suppliers have established in their own millennium plans.

Keeping your key technical personnel

Your company will not only have to act to protect itself from possible external liability but will also have to ensure that your maintenance and employee contracts have sufficient incentives or are otherwise strong enough to keep your technical support staff in place.

The computer sector has experienced tremendous growth recently; it will continue to in the next few years because of Y2K work requirements and technology enhancement initiatives, keeping computer professionals and maintenance providers in high demand.

The possibility of key personnel or providers breaking their contracts and leaving at critical times should be addressed before it happens.

Y2K certification

As part of the millennium boom, many companies are springing up to offer ‘Year 2000 certification.’ Companies and individuals should approach this certification warily. While there will be valid certification companies, it won’t be difficult for unscrupulous individuals to set up a certification system, issue certifications, receive payments and then vanish Jan. 1, 2000, leaving companies with the certified system crashing down around them.

The amount of protection from liability that certification would give a company if its computer system were to crash ­ despite having received certification ­ should be explored with legal counsel before embarking on the certification process, as should the possible recourse that can be taken against a certifier organization that improperly certified the system.

New Year’s Eve Dec. 31, 1999

Even without taking any preventative or proactive action, companies may find that Millennium Bugs will cause only minor glitches in the normal course of business, and the catastrophic failures that are being predicted in everything from fire engines and elevators to banking and hospital systems will fail to materialize.

While the business world is hoping this will be the case, awareness and preventative action now by everyone touched by the Y2K challenges can help make it more of a possibility. That way companies ­ and their officers and directors ­ can dance New Year’s Eve night away without worry into the year 2000.

(This article contains general comments only. It should not be considered as advice on any particular situation.)