InformationWeek
Defining The Business Value Of Technology
September 27, 1999
 Print this story |
Your remediation work may be done. It's now time to make sure you're protected legally and that you're not at the mercy of vendors.
By Rivka Tadjer
In the past year, Congress has enacted two Y2K laws: the Year 2000 Federal Act, passed in July, and the Year 2000 Information Readiness & Disclosure Act, passed last October (see story, p. 350). Legal experts say it's the provisions of the second law that companies really need to address. The Information Readiness and Disclosure Act requires companies to disclose, in writing, if an adverse affect will take place because of Y2K-as well as to document a Y2K contingency plan.
"And you can't plead ignorance," says Samuel Kramer, a senior associate in the IT practice group at Chicago law firm Baker & McKenzie. "The standard companies are held to is very high. You have to have made concrete, testing-based efforts to determine Y2K problems."
If a company makes a good-faith disclosure of its Y2K remediation efforts, the statute states, the content of that disclosure can't be held against the company. That's the beauty of fully complying with the law, says Larry Zanger, chairman of the IT and E-commerce law department at McBride, Baker Coles, another Chicago law firm.
Say you're an insurance firm and you've gone through rigorous, documented testing of a claims-processing program. The first set of claims processed next Jan. 3 fails. A customer who can't get an insurance claim processed after Jan. 1 is unlikely to have any luck in court if the insurance company documents that the problem existed, that every conceivable effort was made to rectify it, and that a Y2K maintenance contract with the system vendor is in effect as a contingency plan.
Extra Work
Community Medical Center, a community hospital in Fresno, Calif., with 450 beds and 2,000 employees, has been conducting extensive Y2K tests, in part because of the regulatory requirements. "Regulators such as the Food and Drug Administration have very specific tests we have to run, such as shutting down our uninterrupted power supplies, to see what happens, and designing tests to change dates on all of our programs," says Tom Halliday, who's in charge of Y2K testing for three hospitals that Community Medical Center owns. "So all of our Y2K testing was done based on regulator guidelines."
What Halliday learned, now that the process is pretty much over for him, is that two factors are critical in compliance with the Information Readiness & Disclosure Act: Documenting the testing and coming up with contingency plans. "We were lucky because McKessen HBOC-the widely used medical software vendor-sent us documentation that they were setting up extra staff available 24-by-7 for any Y2K problems," Halliday says. "But if the vendor didn't do that, we probably would have hired a consultant to come up with a contingency plan just to be safe."
Related links:
ith the droves of year 2000 programmers heading for the exits, maybe you thought that the phrase Y2K bug could be removed from your daily vocabulary? Well, not so fast. Legal experts say failure to document a backup plan and warn your customers of potential Y2K failures could expose your company to lawsuits. Instead of moving forward on all those neat Web projects, it's time to be sure of two things: that your company isn't exposed to lawsuits for neglecting to handle these administrative issues, and that it's not at the mercy of vendors-many of which will have little sympathy for companies that have failed to write backup plans, particularly amending corporate maintenance and warranty contracts.
IT executives who've gone through the Y2K-compliance equivalent of boot camp say once they took a hard look at the Information Readiness & Disclosure Act, they ended up doing a lot more than they originally anticipated to be ready for the year 2000. 
continued...page 2
Back to This Week's Issue
Featured Microsite
