The Great Computer Crash of 2000
By Craig A. Fieschko
Editor's Note: To view Wisconsin statutory
materials referenced in this article you must have and/or install Adobe
Acrobat Reader on your computer.
It's Monday, Jan. 3, 2000. You were hoping for a slow day after the
holiday weekend, but the telephone keeps ringing:
- A local bank calls to report that its computer system misplaced all
of its depositors' accounts, and it's wondering about legal
ramifications.
- A local hotelier wants to sue his building maintenance contractor
because his new climate control system malfunctioned, treating his
guests to air conditioning in the middle of winter, and they're leaving
in droves. He also fears that he may be facing suits from the guests
that stayed: They were stuck in their rooms when the computerized key
system also went haywire.
- You just received a policy cancellation from your professional
malpractice carrier, who says that their database shows you haven't paid
your premiums for almost a century.
- Several (ex)clients are questioning your competence and diligence
owing to your failure to meet important deadlines. You try to explain
that your docketing software failed, but they aren't very
understanding.
You note that all of these problems appear to originate in
computerized systems, but why now, and why all at once?
The year 2000 problem
If you've been watching the news, chances are
you've heard of similar scenarios that could arise from the year 2000
problem, also known as the "Millennium Bug," the "Millennium Bomb," and
the "Y2K Bug." The problem originates in the date-processing routines of
older computer software and hardware.1
Because computer memory once was very limited and expensive, software
and hardware generally stored dates in six-digit form: For example, the
date June 8, 1995, might be represented in dd/mm/yy form; that is, as
080695. Thus, the year 2000 problem arises due to the "rolling over" of
the year digits on Jan. 1, 2000 (or 010100).
Owing to the lack of millennial and centennial digits, software and
hardware that perform actions based on the year digits may treat the
year 2000 as the year 1900 and yield erroneous results. For example, a
program that sorts dates and their associated actions into ascending
order may treat dates in the year 2000 as having higher priority than
dates in the 1990s. As another example, a program might calculate that
minus 99 years have passed between Dec. 31, 1999 (311299) and Jan. 1,
2000 (010100) by subtracting 99 from zero. Other software and hardware
may be incapable of accepting years after 1999, or may fail to recognize
the year 2000 as a leap year and skip directly from February 28 to March
1.
There is no realistic chance of a universal solution for the year
2000 problem. There literally are billions of lines of software code
wherein year 2000 problems may be hidden, and numerous different
programming languages and styles to contend with. Thus, each different
program generally will require its own customized repairs. Additionally,
year 2000 problems can be difficult to isolate since even if software is
year 2000 compliant, the same is not necessarily true of the hardware on
which it runs. An example may be sitting on your own desktop, since the
internal clocks and memories of many older personal computers use
two-digit years.
The year 2000 problem is compounded in that it is not limited to what
most people regard to be computers and software, since many modern
devices have embedded microchips and digital controllers that also are
date-sensitive. For instance, numerous "smart" building maintenance
systems (heating/cooling systems, fire and intrusion alarm systems, and
so on) rely on correct date usage for proper operation.
Because of society's heavy reliance upon computer technology, it
should be evident that the year 2000 problem stands to cause legal
troubles as well as technical ones. The first year 2000 cases already
have hit the courts. In the California case of Atlaz International
Ltd. v. Software Business Technologies Inc., users are suing an
accounting software company for selling nonyear 2000-compliant software
and requiring payment of upgrade fees to obtain a compliant
version.2
In the Michigan case of Produce Palace International v.
TEC-America Corp. and All American Cash Register Inc., a retailer
suffered heavy losses after its new cash register system refused to
accept credit cards with expiration dates after the year 2000, and the
retailer is looking to the cash register manufacturer for
reparations.3 More cases are certain to
come. In view of the risks involved, attorneys must be able to advise
their clients how to protect against others' failure to account for the
year 2000 problem, and how to minimize clients' exposure to
liability.
Determining vulnerability
Your clients should inventory all their software, hardware, and
online data services. Clients should ask the vendor/supplier of each
product and service to provide a written reply as to whether the
product/service is year 2000 compliant. A response that a vendor has
some form of "year 2000 certification" from a trade organization does
not necessarily mean that the software and hardware in question meets
year 2000 needs unless a detailed review of the certification process
leads to this conclusion.
Apart from addressing vendors of software, hardware, and data, it
also may be appropriate to request compliance information from other
parties involved with the design, manufacture, selection, and
installation of software and hardware. For example, if a consultant
chose or installed software and hardware to your client's specifications
and requirements, the consultant may best determine whether the software
and hardware are in compliance.
Contract issues
Since the sale and use of software and hardware generally is mired in
contracts hardware and software licenses, maintenance and repair
agreements, and so on the next step is to inventory and analyze
all materials relating to the software/hardware to determine their
representations, warranties, and limitations on liability. This analysis
will allow you to determine your client's remedies if his or her systems
are not year 2000 compliant.
Statements in sales contracts regarding software and hardware or
their performance may be treated as an express warranty so long as they
were part of the "basis of the bargain."4
Since such express warranties also can arise in materials relating to
the software and hardware, such as advertising, operation manuals, and
other literature, these materials also should be closely reviewed.
However, take care to identify any merger/integration or disclaimer
clauses excluding statements in these materials from the sales contract.
If no express warranties apply, a remedy might be available through the
implied warranty of merchantability5 and the
implied warranty of fitness,6 provided these
warranties are not disclaimed.7
If it appears that your client's software and hardware are not year
2000 compliant but are warranted as such, the vendor should be given
written notice of your client's expectations. If your remedy is limited
to repair or replacement, as it will be with most sales contracts,
repair or replacement should be demanded along with a timetable for
doing so. Where repair or replacement is unduly delayed or impossible
a very real possibility where the year 2000 problem is involved,
owing to the magnitude of the problem and the limited time for
correction you may be able to assert that a failure of essential
remedy has occurred, thereby potentially allowing your client's recovery
of consequential, incidental, or special damages (such as loss of
customers) even in cases where contracts limit or exclude them.8
Vendor reliance on force majeure clauses or other clauses disclaiming
liability for "Acts of God" and the like may be deterred if you provide
a clear statement of your position that the vendor made the software and
hardware noncompliant, not God, and that compliance could have been
achieved with the exercise of due care.
It is possible that a vendor will initiate (or has initiated) contact
with your client, stating that its software and hardware are not year
2000 compliant. This statement will trigger your client's obligation to
mitigate damages once a contract breach is apparent, and even where
vendors have no contractual obligation to fix your client's software and
hardware, such notice could lessen their exposure to tort liability.
Where vendors do have a contractual obligation to fix your client's
systems, pay close attention to the terms of proposed fixes: Will they
meet your client's compliance timetable, or is there a failure of
essential remedy? Are the vendors attempting to modify their obligations
(for example, requesting payment for compliance measures that appear to
be required under warranty)?
Regardless of whether a fix is proposed, vendors should be put on
written notice of your client's expectations so they cannot later claim
your client waived remedies or acquiesced in modifications to contract
terms. If your client is bound to a vendor by a long-term contract, the
vendor's failure to help your client attain year 2000 compliance may
allow your client's escape.
Statutes of limitation problems can arise where noncompliant software
and hardware are older than the limitations period.9 Breach (and running of the statute) occurs upon
delivery of the defective good, unless a warranty explicitly extends to
future performance.10 Thus, where
noncompliant software and hardware are older, it is prudent to review
all documentation relating to the systems, particularly long-term
maintenance and service contracts, to locate any warranties of future
performance. Despite any length of time remaining in the limitations
period, you should promptly request contractual remedies once breach is
noted since delay may give rise to claims of waiver.
More difficult contract issues may arise when contracts do not
involve sales of goods, or when they otherwise are outside the scope of
Article 2 of the Uniform Commercial Code (UCC) and Chapters 401-407 of
the Wisconsin Statutes, which generally are based on UCC Article 2. Many
software and hardware contracts are nongoods related (for example,
contracts for data processing services), or are in the form of a license
rather than a transfer of title. Nevertheless, courts generally have
treated software licenses and data transaction arrangements under UCC
Article 2 principles, and thus it can be expected that these principles
will continue to control in most cases.11
However, commentators have noted that Article 2 sometimes provides a
poor fit when software and hardware contracts are involved.12 Article 2B of the UCC, dealing with software and
hardware licenses and data transactions, has been under construction in
earnest since approximately 1995, but has not yet been completed. Where
application of UCC Article 2 principles provides unwanted results,
reference to the draft Article 2B and its surrounding commentary may be
a helpful reference in formulating policy arguments for different
outcomes.13
If your client is a software or hardware vendor rather than a user,
you should anticipate the events described above. You should analyze
your client's supply contracts to determine liability in case the
client's lack of year 2000 compliance causes damage to others. If
compliance is lacking, your client's customers should be notified as
soon as possible, and your client should attempt to mitigate potential
damage by suggesting alternate or remedial systems where available.
Tort issues
The year 2000 problem can result in system crashes, product
malfunctions, and loss or corruption of data - and legal
disputes.
Tort law may provide remedies where contract law principles fail.
Where personal or property damage occurs from the year 2000 problem,
rather than purely economic damage,14
products liability claims based upon negligence or strict liability
theories might be alleged for design flaws, failure to warn of product
dangers, and misrepresentation of product qualities. Where purely
economic damage occurs (for example, loss of profits, customers, or
damage to the software and hardware itself owing to its asserted
defect), a claim of fraudulent misrepresentation may be available if you
can show that the purchaser detrimentally relied upon a deceptive
representation that a vendor intentionally made. Where the intent
element cannot be proven, a claim of negligent misrepresentation may be
available. If the actions of professionals (for example, engineers)
caused year 2000 damages, claims of malpractice also may be
possible.15
Copyright and patent issues
If your client's software and hardware providers will not bring
products into compliance, your client may try to attain compliance
through self-help executed personally or through hired consultants.
Self-help can be problematic in that it may void warranties in your
client's software/hardware contracts (thus also voiding your client's
remedies).
More important, self-help also can give rise to liability under
copyright law. Even if your client owns software and hardware, your
client may not own the underlying copyrights unless he or she has a
written agreement to that effect with the authors.16 If your client doesn't own the copyrights,
modifying the software and hardware may create infringing "derivative
works" under copyright law.17
Copyright law generally reserves the exclusive right to create such
derivative works to the owner of the copyrights in the preexisting
works. Thus, you should carefully review all licenses or other
agreements relating to software and hardware to see whether they allow
your client to make modifications. If no express allowance for
modification is given, you should seek written permission. Permission
for modifications must be obtained even if consultants are hired to
perform the modifications, since any copyright infringement by
consultants may constitute their employer's contributory infringement.
Further, any sophisticated consultant will demand warranties that the
party requesting software/hardware modifications owns the underlying
copyrights or has obtained clearance for modifications, and will demand
indemnification for any infringement problems.18
If your client resorts to self-help, you should review available
defenses to copyright infringement. Owners (but not licensees) of
software and hardware are allowed to modify programming if such
modifications are "an essential step in the utilization of the computer
program in conjunction with a machine."19The copyright defense of "fair use"20 also might be available, but since its
application often is complex and uncertain, it may be risky to rely upon
the fair use defense as the sole basis for making modifications. If
software and hardware providers refuse to repair year 2000 problems or
offer solutions, it may be easier to present a fair use defense.21
The question of copyright ownership in modifications also should be
addressed. While copyrights in works created by employees within the
scope of their employment will belong to their employers, absent a
written assignment, copyrights in works created by independent
contractors will belong to their employers only in rare
situations.22 As a protective measure, your
client should secure written assignments of copyrights in any works
created by consultants, or at least a written nonexclusive royalty-free
license to exercise any of the consultant's copyrights so long as such
copyrights exist.
Depending on the "fix" being implemented, patent infringement issues
also could arise. Several patents on year 2000 problem solutions have
been issued by the U.S. Patent and Trademark Office,23 and more can be expected. Whereas copyright
infringement requires copying, patent infringement is more problematic
in that it is a strict liability offense which is not excused by lack of
"copying" (or independent development).
Employment issues
Anticipate potential employment and labor claims if your client
retains any new employees or independent contractors to address year
2000 problems, particularly where it is known that staffing down will
occur after year 2000 problems are solved. As the year 2000 approaches,
skilled programmers will be in demand and likely will receive many
competing employment offers. Thus, it it may be wise to draft employment
contracts with an emphasis on retaining personnel who are essential to
your compliance program, with rewards being given when certain
compliance milestones are completed on schedule. Some employers may be
tempted to take an opposite approach and attempt to limit employees'
ability to leave by seeking covenants not to compete. Under Wisconsin
law, such restrictive covenants have a high risk of being declared
invalid unless they are vitally necessary for the employer's protection,
for example, where the employee is likely to disclose the employer's
trade secrets to competitors.24
Trade secret issues
If your client hires consultants to implement compliance measures on
software and hardware, you should review your client's licenses and
contracts to be sure that allowing others to access these systems does
not breach any covenants to maintain the confidentiality of the software
and hardware. If confidentiality provisions are present, seek written
waivers. Additionally, your client's own confidentiality must be
protected. Year 2000 consultants may be delving deeply into your
client's business data and could become intimately acquainted with your
client's operations. Written agreements with consultants (and employees)
should alert them to the existence of trade secret material, bind them
to confidentiality, and obligate them to inform your client if they have
been retained by competitors (or if they are so retained in the future).
Limit information supplied to contractors to "need-to-know" material,
safeguard withheld information, and mark all materials as
"confidential."
Liability for managers of business entities
State law imposes fiduciary duties on corporate officers and
directors. Failure to perform these duties can lead to derivative suits
by shareholders and legal action by the corporation itself, seeking to
hold the officers and directors personally liable for damage to
corporate assets. The duty of care aspect of these fiduciary duties will
likely be most relevant to the year 2000 problem. The duty of care
requires officers and directors to act diligently to protect corporate
assets from damage caused by foreseeable and material events, and to
make decisions on an informed basis after gathering and considering all
relevant available information. Thus, officers and directors should
locate and address any potentially damaging year 2000 problems, assess
their risks and costs, and make contingency plans. Since the year 2000
problems of others could materially affect the corporation's business,
the inquiry extends beyond the corporation to companies in which the
corporation invests, and to the corporation's vendors and customers.
Matters relating to year 2000 compliance measures should be
documented to establish a defense under the "business judgment rule":
that officers and directors acted in an informed basis, in good faith,
and in an honest belief that their decisions were in the best interests
of the company. Any documentation should be sufficiently clear that a
nontechnically oriented judge or jury can readily find support for your
client's position. It also is advisable to prepare any such
documentation with the assistance of counsel so that a claim of
privilege might be established (and to better ensure that a record of
diligence is established rather than a "smoking gun").
Since many officers and directors are not knowledgeable about
software and hardware technology or year 2000 issues, it may be easier
to show they met their duty of care if they appoint a committee to
appraise year 2000 problems and make compliance recommendations. Such a
committee should include one or more outside experts knowledgeable about
year 2000 technology issues. The selection of goods and services with
"year 2000 certification" from the Information Technology Association of
America (ITAA) or other qualified sources also may help establish
that the duty of care was met, though the certification process must be
scrutinized to determine whether it addresses the corporation's
particular year 2000 issues.
Year 2000 disclosure issues
Federal and state laws generally impose a duty on the officers and
directors of corporations to disclose to current and potential investors
all facts that are "material" to the corporation's present and future
financial health. The scope of material information is broad, and
generally is regarded to be any information that a reasonable investor
would consider important. Disclosure failures can lead to corporate
liability and personal liability of officers and directors. Thus, you
should review securities laws and common and statutory laws relating to
fiduciary duties and disclosure requirements to determine whether a duty
to disclose year 2000 problems is present. Where uncertainty exists,
disclosure may be the best option to avoid government enforcement
actions and investor suits for fraud or other violations.
Regarding public companies, the primary laws of concern are the Securities Act of 1933 and the Securities
Exchange Act of 1934. These laws require the disclosure of material
information in connection with the registration, offering, and sale of
securities and the solicitation of proxies, and also require the
reporting of financial conditions in annual 10-K, quarterly 10-Q, and
other reports. This can include the reporting of not only past and
current financial conditions, but information that could have an effect
on future financial conditions. The Securities Exchange
Commission (SEC) has stated that year 2000 problems and costs often
will be material and that their existence and ramifications should be
noted in MD&A (Management's Discussion and Analysis of Financial
Condition and Results of Operations) sections of annual 10-K and
quarterly 10-Q reports,25 as well as in any
other SEC forms and reports requiring such disclosures. Unfortunately,
the SEC has not yet offered specific advice regarding the scope of
necessary disclosures. Companies seeking more specific guidance may want
to review 10-K and 10-Q reports of larger corporations, particularly
those in the finance and insurance industries, to learn what other
companies are doing.26 Where questions
arise regarding the sufficiency of proposed disclosures, it is wise to
err on the side of excess detail.
Other disclosure obligations to investors may arise owing to
reporting duties imposed on accountants, auditors, and other
professionals, or from contractual obligations to creditors or other
parties. Additionally, business entities whose activities are highly
regulated by particular government agencies should determine whether
these agencies have promulgated any rules or guidelines specifically
relating to the year 2000 problem. As an example, pursuant to notices
issued by the Federal Financial
Institutions Examination Council (FFIEC),27 financial institutions may be subject to closer
scrutiny if disclosure sufficiency questions arise.
Insurance coverage
You should inventory and analyze your client's insurance policies to
determine whether they could cover damage caused by year 2000
noncompliance, help pay for compliance efforts, or provide protection if
claims arise from your client's noncompliance.28 Many standard policy terms exclude from coverage
most year 2000 problems: Solely financial damage may not be covered;
definitions of "property" may exclude loss of computer use and data
corruption from property damage (and "property damage" may extend only
to damage to property apart from the software/hardware itself); year
2000 problems may not be a specified peril for which coverage applies;
and so on.
Policies covering damage from "unanticipated" or "unpredictable"
factors arguably may not apply since the year 2000 problem was created
purposefully by software and hardware engineers to conserve expensive
memory space; thus, it can be said to arise owing to an economic design
choice rather than an error or accident. However, some provisions
relating to property damage and damage to business records may allow
recovery.29
Craig Fieschko is a registered patent
attorney with DeWitt Ross & Stevens S.C., Madison, practicing in
patents, trademarks, copyrights, and legal issues relating to
technology.
Review policies also for more subtle year 2000 problems that could
affect coverage. For example, if property insurance is contingent upon
maintaining an operative fire or intrusion detection system, consider
whether insurance coverage will become inoperative if these systems are
affected by the year 2000 problem. Finally, owing to increased insurer
awareness of the year 2000 problem and their eagerness to avoid further
claims, it is important to review all policy renewals to determine
whether new exclusions or changes in terms adversely affect year 2000
coverage.
Tax issues
Careful tax treatment of year 2000 compliance costs could decrease
their burden. Recent Internal
Revenue Service (IRS) guidelines generally allow same-year expensing
of costs rather than capitalization and amortization.30 Document the steps taken to attain year 2000
compliance to support the preferred tax strategy in the event of IRS
inquiries.
Export and foreign law issues
Be aware that a slew of international tax and contract issues can
arise if your client looks to "offshore" consultants to solve year 2000
problems. Export problems also can arise where sensitive technology such
as encryption algorithms are involved.31
Will you be prepared for the year 2000?
This article summarizes only the most basic year 2000 legal issues to
provide a starting point for a year 2000 compliance program. Each year
2000 situation is unique and requires careful analysis for additional
issues. As you help your clients work towards compliance, keep an eye on
the Legislature, government agencies, and the courts to see whether new
developments in the law mandate further precautionary measures.32 With reasonable diligence (or better yet, a high
budget for software and hardware upgrades), you and your clients should
be able to attain substantial year 2000 compliance in time to take off
the weekend following Friday, Dec. 31, 1999.
Endnotes
1 The question asked by all: How
old is old? (That is, is my system safe?) ISO-8601, adopted by
the International Standards Organization in 1988, was the first widely
recognized date standard advocating the use of four-digit year data.
However, this does not mean that post-1988 hardware and software is
safe. Many programmers and hardware designers did not use four-digit
years until the mid-1990s, and there are probably some that
still do not use it. Regardless of the age of your hardware and
software, you cannot assume that they are free of the year 2000 problem
unless their manufacturers (or other reliable sources) have so
stated.
2 No. 172539, Marin County Superior
Court, Calif., filed Dec. 2, 1997.
3 No. 97-3330-CK, Macomb County
Circuit court, Mich., filed June 12, 1997.
4 Wis. Stat.
§ 402.313(1)(a) (which parallels U.C.C. § 2-313).
5 Wis. Stat.
§ 402.314(2)(c) (which parallels U.C.C. §
2-314(2)(c)).
6 Wis. Stat.
§ 402.315 (which parallels U.C.C. § 2-315).
7 Wis. Stat.
§ 402.316 (which parallels U.C.C. § 2-316) controls the
disclaimer of implied warranties.
8 See Wis. Stat.
§ 402.719(2) (which parallels U.C.C. § 2-719); Murray
v. Holiday Rambler Inc., 83 Wis. 2d 406, 430, 265 N.W.2d 513, 525
(1978).
9 Wis. Stat. section 402.725(1)
applies a six-year statute of limitations running from the date a breach
of warranty occurs. In contrast, many other states follow the four-year
period applied by U.C.C. § 2-725(1). Thus, in some cases choice of
law may be critical. See Office Supply Co. Inc. v. Basic/Four
Corp., 538 F. Supp. 776 (E.D. Wis. 1982) (applying the Wisconsin
six-year period to a computer hardware/software sales contract despite a
California choice-of-law provision (California applying the four-year
U.C.C period)). Also note that under both section 402.725
and U.C.C. § 2-725, the limitations period can be shortened by
agreement.
10 Wis. Stat.
§ 402.725(2), U.C.C. § 2-725(2).
11 See, e.g., ProCD Inc.
v. Zeidenberg, 908 F. Supp. 640 (W.D. Wis. 1996),
rev'd, 86 F.3d 1447 (7th Cir. 1996). But see
Micro-Managers Inc. v. Gregory, 434 N.W.2d 97, 147 Wis. 2d 500
(Wis. Ct. App. 1988) (a contract for development and delivery of
custom-programmed software was found to be primarily for services rather
than goods, and thus outside the scope of the U.C.C.).
12 See, e.g., Prof.
Raymond T. Nimmer, Preface, Dec. 1, 1995, draft of U.C.C. Article
2B.
13 The Article 2 Drafting
Committee is making new drafts of Article 2B available as they are
completed, and is soliciting and posting commentary by attorneys and the
information systemsindustry. As of January 1998 materials can be found
on the World Wide Web at www.law.uh.edu/ucc2b.
14 Wisconsin, like most
jurisdictions, has adopted the economic loss doctrine that precludes
negligence and product liability tort claims in a commercial transaction
where the damages are failure of the product itself and there is no
personal injury or damage to other property. Sunnyslope Grading v.
Miller, Bradford & Risberg Inc., 148 Wis. 2d 910, 437 N.W.2d
213 (1989); Northridge Co. v. W.R. Grace & Co., 162 Wis. 2d
918, 471 N.W.2d 179 (1991).
15 See Monique C.M.
Leahy, Computer Malpractice, 32 Am. Jur. Proof of Facts 3d
(1995).
16 Under 17 U.S.C.
§ 202, ownership of copyrights is distinct from ownership of
the materials in which they are embodied. 17 U.S.C. §
204 provides that transfers in title to copyrights generally must be
in writing to be valid.
17 The right to create derivative
works, as defined in 17 U.S.C. §
101, is reserved to the author(s) of the underlying work per 17 U.S.C. §
106(2). Note that even before any changes to the program's
functionality are made, the preliminary task of decompiling software
object code to higher-level (and easier-to-repair) source code can
itself create a derivative work.
18 Employers should obtain
warranties from consultants that their modifications do not infringe any
copyrights and patents.
19 17 U.S.C. §
117(1). See, e.g., Aymes v. Bonelli, 47 F.3d 23 (2d Cir.
1995).
20 17 U.S.C. §
107.
21 17 U.S.C. §
107(4) considers "the effect of the use upon the potential market
for or value of the copyrighted work." Thus, if modifications do not
"supersede" a provider's products, fair use may be more easily
found.
22 The ownership of works made
for hire, as defined in 17 U.S.C. §
101, is controlled by 17 U.S.C. § 201.
23 U.S. Patent 5,600,836
to Harvey Alter (issued Feb. 4, 1997); U.S. Patent 5,630,118
to Daniel Shaughnessy (issued May 13, 1997); U.S. Patent 5,644,762
to Thomas Soeder (issued July 1, 1997); and U.S. Patent 5,668,989
to Decao Mao (issued Sept. 16, 1997).
24 Wis. Stat.
§ 103.465.
25 SEC Staff Legal Bulletin No.
5, Oct. 8, 1997. MD&A statements are covered specifically in item
303 of SEC Regulations S-K and S-B.
26 Another helpful reference is
Beth Duncan, Companies Take a Variety of Approaches to Disclosing
Y2K Problems to Investors, 66 U.S. Law Week 2339 (1997). While the
risk of preparing disclosures with respect to events that may affect
future financial conditions was lifted somewhat by the Private Securities
Litigation Reform Act of 1995, the Act provides a "safe harbor" only
where future projections (for example, predictions of year 2000
compliance) are coupled with "meaningful cautionary statements
identifying important factors that could cause results to differ
materially from those in the forward-looking statement."
27 The Dec. 17, 1997, FFIEC
Safety and Soundness Guidelines is available on the World Wide Web at
the FFIEC home page. Apart from
being of interest to financial institutions and their investors, the
Guidelines offer information that should assist almost every business
entity.
28 For in-depth background of
this subject, see Christopher Vaeth, Annotation, Loss of
Information Stored in Computer System or on Computer Disk Cartridge,
Computer Tape, or Similar Computer Storage Media as Within Coverage of
Liability Policy, 85 A.L.R. 4th 1102 (1996).
29 See, for
example, Centennial Ins. Co. v. Applied Health Care Sys.
Inc., 710 F.2d 1288 (7th Cir. 1983) (finding that the property
damage clauses of a controller manufacturer's comprehensive general
liability policy covered damage from data loss of a third party who used
the controllers).
30 Internal Revenue Service Rev.
Proc. 97-50, I.R.B. 1997-45 (Oct. 21, 1997). This scheme agrees with the
generally accepted accounting principles (GAAP) for year 2000 costs
recommended by the Financial Accounting
Standards Board (FASB).
31 Certain encryption algorithms
are effectively regarded to be munitions under the Arms Export
Control Act and cannot be legally exported without permission of the
U.S. Department of Commerce and/or Department of State.
32 As an example, on Nov. 10,
1997, Sen. Robert Bennett (R-Utah) introduced Senate Bill 1518 (the
Computer Remediation and Shareholder Protection Act of 1997 or CRASH
Protection Act) that would require disclosures of year 2000 problems by
public companies in somewhat greater detail than SEC guidelines
require.
Wisconsin
Lawyer