InformationWeek

April 19, 1999

Millennium Crunch:
Keep The Bite In Y2K Laws

The threat of legal action makes would-be Y2K offenders do the right thing

By Leon A. Kappelman

'm concerned that some provisions in the year 2000-related legislation under consideration in Congress, as well as in many state legislatures, will greatly increase Y2K damage. Though legislation is important, it cannot provide a simple solution or a quick fix to the complex set of interrelated problems we call "Y2K."

My concerns are all related to provisions in many bills that I believe will significantly reduce the incentives companies have for getting their Y2K work done and preparing for contingencies.

We wouldn't want to prevent the Federal Deposit Insurance Corp. or the Securities and Exchange Commission from pressuring the companies they regulate to reduce Y2K risks. So why should other companies not be under the same pressure? The threat of legal action from companies and individuals harmed by Y2K irresponsibility essentially provides that same external motivation to do the right thing. I don't see why we should reduce the potential penalties for those who fail to reduce and manage Y2K risks.

Fear of litigation is a basic motivation--albeit a negative one--but it works. Look how well the banks regulated by the FDIC are doing in reducing Y2K risks. And deterrence is the reasoning behind our laws against murder, rape, and robbery.

True, Y2K legislation can achieve positives, such as encouraging alternative dispute resolution, achieving proportionate liability, and extending statutes of limitations so that emphasis is on mitigation instead of litigation. Even questionable corporate welfare provisions such as Y2K tax incentives can have positive effects--assuming that the dollars are spent to mitigate Y2K risks.

Among the suggested provisions that seem to run the greatest risk of inadvertently increasing Y2K damages, are:

Elimination or reduction of liability of senior management. For too many Y2K projects, it's been so hard getting the attention of these executives. The threat of litigation is a threat to an executive's time in depositions, court appearances, and so on. There's no good public-policy reason to take the pressure off executives to do the right thing. In fact, the SEC and FDIC are increasing the pressure.
Creation of a "cooling off" period. It sounds like a wonderful idea, but it may actually extend into the year 2000 the deadline for vendors and others to get their Y2K work done. Meanwhile, their customers languish in financial meltdown and helplessly go out of business. It seems the only thing cooling off under this scenario is the pressure on vendors to get their repairs done in a timely manner.
Anything else that would reduce the penalties for harming others, such as limits on punitive damages. Is there any good public-policy reason to make murder, robbery, or fraud legal if one commits such crimes with a computer? Of course not, but that's what our legislators are being asked to do.

There's nothing special about high-tech products, or the Y2K dilemma that suggests they deserve special treatment. The "software is an art form" theory is just an excuse. Software is no more an art form than is good medicine, good architecture, or good scientific research. They all have their creative side, but they're also very rigorously disciplined endeavors.

If Y2K were related to any other product besides computers, we'd be considering recalls and lemon laws instead of special-interest protections disguised as legislation.

But IT really is just another product. Don't be fooled into believing otherwise, and don't let your legislators be fooled.

Don't allow your elected representatives to legalize the act of hurting others with technology in the name of trying to help solve Y2K problems. Contact them now before it's too late.

Leon A. Kappelman is associate director of the Center for Quality and Productivity at the University of North Texas and co-chairman of the Society for Information Management's Year 2000 Working Group. He can be reached at kapp@unt.edu.