ITAA's Year 2000 Outlook July 31, 1998 Volume 3, No. 29 Published by the Information Technology Association of America, Arlington, VA Bob Cohen, Editor bcohen@itaa.org Read in over 70 countries around the world ITAA's Year 2000 Outlook is published every Friday to help all organizations deal more effectively with the Year 2000 software conversion. To create or cancel a subscription to this free publication, please visit ITAA on the web at https://www.itaa.org/tr ansact/2koutlooksub.htm. ITAA's Year 2000 Outlook is sponsored in part by CACI International Inc., DMR Consulting Group Inc., and Y2Kplus "Good Samaritan" Reaches Capitol Hill President Clinton's "Good Samaritan" legislation made its way to Capitol Hill this week. Given the few days left before legislative adjournment and the difficulty in achieving consensus on the bill, observers predict that passage this year is problematic . The measure would promote greater openness and information sharing on Y2K problems and solutions by creating a uniform standard of legal liability to protect those who, in good faith, engage in such activities. The bill would create limited liability protection for the makers of Y2K statements alleged to be false, inaccurate or misleading. That could take the pressure off companies interested in being more forthcoming on Y2K matters. Claimants would need to prove the statement maker's intent to deceive or mislead, to be grossly negligent or to have access to prior knowledge that such state ments are false. A similar standard would apply to Y2K-related defamation or trade disparagement claims. The bill would establish Internet websites as an adequate mechanism for notification of Y2K information where no other is specified by statute. The legislation would also restrict statements from being "construed" as amendments to written contracts or warranties (unless other specific conditions apply). The liability protections would not apply to statements made directly to consumers. Whether the bill goes too far-or far enough-will no doubt help determine its fate in Congress. In a letter to Congressional leaders accompanying the new legislation, Y2K Czar John Koskinen and Office of Management and Budget Acting Director Jacob Lew wrote, "We want to make it clear that this legislation does not address liability that may separately arise from actual Y2K failures of systems or devices. While we understand that companies have a wide range of concerns about possible Y2K litigation, this legislation is focused exclusively on exposure related to information exchange. For that reason, it also excludes from its coverage statements made directly to consumers in connection with the sale or marketing of consumer products and services. It shoul d also be noted that the legislation does not interfere with the activities of Federal or State regulators or affect existing contracts." Some observers, including ITAA President Harris Miller, call the Good Samaritan legislation a good start, with modest goals in keeping with current political realities. Good, of course, could always be better. For instance, Miller said improvements to the bill would add liability protections not only for false statements but for true statements as well. One concern is whether claimants might be able to use a company's true and accurate statements in civil actions. Miller also cautioned that the discussion of broader liability protections has not even begun and, whatever the fate of this legislation, these more complex issues will have to be addressed in the next Congress. So whether a "good start" is good enough to be effective remains to be seen. Washington DC Y2K Users Group Chairman Bruce Webster says "You're not going to get information disclosure from organizations unless they perceive it as both safe and beneficial. The Good Samaritan bill addresses the 'safe' part but not the 'beneficial' part." Webster says that competitive pressures force many companies to seek a quid pro quo or other benefits before sharing information. How do companies stand to benefit, he asks, when a lawsuit may still be lurking around the corner? "In any liability relief you get suits challenging the boundaries of that relief. What if you have vague areas or misinterpretations?" Webster suggests organizations will need rewards to balance such risks. One reward is access to the information of ot hers, particularly about products which are Y2K compliant and those which are not-information of special interest to companies making a late run at their Y2K conversions. Webster calls the Good Samaritan bill necessary but not sufficient. And he is also concerned that having introduced the legislation, the Clinton Administration may conclude that its work is done on the issue. Williams, Mullen, Christian & Dobbins partner Greg Cirillo says that while the Administration has demonstrated that its heart is in the right place, the Good Samaritan bill represents a "Rubik's cube" of competing interests. He says the bill does not address consumer class action suits, perhaps the biggest unknown in the Y2K litigation puzzle. At the same time, however, he calls it a shotgun approach to matters best addressed with a scalpel. Cirillo says an alternative approach would be to deal with Y2K litigation fears on an issue by issue basis, whether in terms of securities fraud, fair debt collection or other matters. Cirillo's "too broad" formulation underscores the uphill battle this bill faces moving forward. Ron Palenski, Assistant General Counsel at GTE Technology and Systems, says the bill is purposely narrow in scope to improve its chances on the Hill. According to Palenski, "The need for information sharing about Year 2000 is now. Today. Disclosure of information is critical. I encounter the problem every single day." He indicates that legislation broadly limiting liability will not pass in the current Congress. With only about 30 days left on the legislative calendar, Palenski says the time to pass an information sharing bill is now; lawmakers will not give other approaches serious consideration, he says, until well into 1999. "If some are saying the bill is too broad and others say it's too narrow, that probably means it's just about right," Palenski says. SEC Votes to Strengthen Disclosure Requirements The Securities and Exchange Commission (SEC) voted this week to adopt "comprehensive" interpretive guidance aimed at upgrading the disclosure of public companies about their Y2K status and risks. Previous SEC attempts to prompt such disclosure informati on have drawn boilerplate from corporations and criticism from Sen. Bob Bennett, chairman of the Senate Banking Subcommittee on Financial Services. The new interpretive release provides specific guidance on Y2K disclosure. Companies must make such disclosure if their Year 2000 assessments are incomplete or if management determines that Y2K issues would have a material effect on the results of busine ss operations or financial conditions, "without taking into account the company's efforts to avoid those consequences." "The Commission believes that the vast majority of companies have material Year 2000 issues, and therefore expects them to address this topic in their Management's Discussion and Analysis of Financial Condition and Results of Operations (MD&A). In almost all cases, this disclosure should be updated in each quarterly and annual periodic report," the Commission said in a statement. Disclosure must cover the company's state of readiness, Y2K costs incurred, risks faced, and contingency plans. "I'm encouraged that in the face of disappointing corporate filings on Y2K, Chairman Levitt recognized the inadequacy of the filings and moved to strengthen the disclosure requirements," Senator Bennett said. "Hopefully, now that the SEC has ratcheted up the standards of scrutiny and accountability, U.S. corporations will decide to be more forthcoming with the Y2K efforts." Bennett again warned that if the new interpretive release does not prove adequate, he will consider legislative options to mandate compliance. The interpretive guidance is the latest in a series of steps by the SEC, beginning in May 1997, to elicit Y2K information from public companies. Each step has grown more explicit as the clock ticks down. As noted, the guidance released this week states that a company must provide disclosure if its Y2K assessment is not complete or that it determines that consequences on the company's business, results of operations or financial condition would be material. In determining whether to disclose, the SEC sa ys that assessments are not complete until the firm has taken reasonable steps to verify the Year 2000 readiness of third parties. Material consequences, the Commission says, must be determined on a "gross" basis. Lacking clear evidence to the contrary, a company must assume that it will not be Year 2000 compliant, the SEC says. The interpretive guidance, available at http://www.sec.gov/rules/concept/33-7558.htm, provides detailed discussion of what types of information companies should include in their disclosures. The SEC document also includes guidance for investment advisers , investment companies and municipal issuers. Mercer Studies Y2K Salaries A Y2K salary survey by William M. Mercer finds newly hired intermediate systems analysts and programmers enjoying 13 percent pay increases. The Mercer survey of nine consulting firms indicates these new hires earned an average $52,700 in the first quarte r 1998 and $59,500 in the second quarter. Bonuses also proved to be popular for keeping bug bashers on the job, with several firms paying out an average of 8 percent of salary. Some organizations accrue the bonuses for pay out in the Year 2000 while others link the awards to accomplishing project milestones. Closer to Home Two more firms have received ITAA*2000 certification: Liberty Check Printers of Roseville, Minnesota and Systems and Database Technology (SDT), Inc. of Ridgefield, Connecticut. ITAA*2000 is the industry's century date change certification program. The program examines processes and methods used by companies to perform their Year 2000 software conversions. Both participated in a rigorous evaluation of their approaches to date conversion, with extensive analysis in eleven discrete process areas deemed necessary to a successful Year 2000 conversion. Business to Business Sterling Software, Inc.'s Information Management Division, New York, NY, has announced the release of VISION:Webaccess 1.5, a tool which extends the benefits of business data to end-users through Internet/Intranet connections. SCB Computer Technology, Inc., Memphis, TN, has been awarded a $3.5 million Y2K contract by the Alabama Department of Human Resources. Computer Associates International Inc., Islandia, NY, has entered into a Y2K referral agreement with The Source Recovery Company, LLC. Under this agreement, CA will refer clients with missing source code to SRC. SRA International, Inc., Fairfax, VA, has won a Y2K IV&V services contract with the U. S. Postal Service. Attest Systems, Inc., San Rafael, CA, has been awarded a Y2K contract by Kaiser Permanente. ITAA Y2K Information Center Solution Providers Directory http://www.itaa.org/script/2000vend.cfm ITAA*2000 Certification Program http://www.itaa.org/2000cert.htm Outlook Archive http://www.itaa.org/script/get2klet.cfm Legislative and Litigation Table http://www.itaa.org/Y2Klaw.htm Calendar http://www.itaa.org/y2kcal.htm Vendor/User Status Questionnaires http://www.itaa.org/questmain1.htm Copyright ITAA 1998. All rights reserved. The Information Technology Association of America, 1616 N. Fort Myer Drive, Suite 1300, Arlington, VA 22209. Internet: http:\\www.itaa.org