Focusing Your Y2K Efforts

With just over 6 months remaining to the Year 2000, it is hardly possible to be too tightly focused in your business’ efforts to tackle Y2K. One technique that may be useful is to explicitly adopt a definition of a " Y2K mission-critical failure". This will allow your company to charge management with the responsibility to avoid, or at least mitigate the consequences of, any mission-critical failures.

A good starting place for the development of your own definition of a "Y2K mission-critical failure" might be a modified version of the Gartner Group’s definition i.e. any business dependency which, if it were to fail, would cause one of the following:

• A health hazard to individuals;
• A shutdown of business, production, or product delivery operations;
• A significant loss of customers or revenue; or
• A significant litigation expense or loss.

By exercising leadership and taking focused action now, you can still significantly reduce and contain the risk of Y2K-related legal liabilities. Applying, the suggested definition of a " Y2K mission-critical failure", I shall first examine issues which relate to managing your legal risks arising out of any health and safety hazards that may be posed by Y2K.

One of the most important aspects of Y2K is its potential impact on the so-called "embedded systems" which are found in many kinds of modern equipment. The types of business equipment that may be affected by a Y2K problem range from relatively simple devices to mission-critical equipment, such as the various process control devices used in petrochemical processing plants.

The consequences of failure of embedded systems can range from mere inconvenience to disaster. For example, a failure of the business’ timekeeping system may only be disruptive. However, a failure of its monitoring equipment, allowing a critical process to operate outside safe limits, could have far more serious health and safety consequences.

To compound the problem, there are a number of features of embedded systems that make meeting the Y2K challenge particularly difficult. These include:

• The fact that the problem is hidden in the sense that the computer device is, by definition, embedded in the particular piece of equipment;
• The fact that in a sophisticated modern plant, there may be very large numbers of embedded systems. Many of these may exchange data and are integrated in various ways to control different processes; and
• The fact that even with identical pieces of equipment, obtained from the same manufacturer, the actual embedded system may have been sourced by that manufacturer from different suppliers. Accordingly, one cannot even rely on different pieces of the same equipment to handle Y2K issues in the same way.

Businesses, therefore, need to be alert to the challenge of Y2K in relation to the embedded systems used in their processes. One aspect of this is that they must take all necessary steps to comply with their legal duties in relation to the operation of their plant and equipment. These duties are owed both to employees and other persons, including visitors and neighbours.

Basically a company is under a legal duty to take "reasonable care" to avoid causing harm to such persons and it will be exposed to legal liablity to the extent that any personal injury is found by a Court to have occurred because it (or its servants or agents) failed to take such care. The "standard of care" against which the company’s actions will be judged by the Court will defined in terms of the hypothetical behaviour of the "reasonably competent and prudent operator" of the type of plant or equipment operated by the company. The hypothetical behaviour of such an operator is identified by the Court through its understanding of expert evidence, with the Court deciding whether or not the particular loss would have resulted if the company had acted as the Court believes such an operator would have acted.

In the case of serious personal injury, it is difficult for a Court to avoid some degree of hindsight in assessing the situation. Also, given the novel nature of Y2K, it is inherently difficult to predict how a Court will assess what the behaviour of the hypothetical "reasonably competent and prudent operator" would look like.

However, the general principle is that a company will not be liable if it acts in accordance with practices accepted as proper by a responsible body of persons skilled in the operation of similar plant or equipment. Conversly, with Y2K issues as well known as they have become, businesses will be hard-pressed to deny liability for any personal injury caused by failures in their embedded systems, unless they are able to prove that they instituted a program which meets the standards of their industry.

Companies must make every effort to identify and follow, as far as practicable, the "best practices" within its particular industry or, at least, the generally accepted practices being followed by other reputable and experienced operators of similar plant or equipment in order to prepare for the Year 2000 date change.

Continuing to apply the suggested definition of " Y2K mission-critical failures", in subsequent articles, I shall examine various issues which relate to managing your business’ legal risks arising out of the other three categories of mission-critical failure. These will include:

• The management of your contractual relationships with third parties (particularly key suppliers and customers) to minimise your Y2K legal risks; and
• The management of communications with such third parties on Y2K issues.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.