In July 1998, U.S. Sen. Christopher J. Dodd (Conn.), ranking Democrat on the Senate Special Committee on the Year 2000 Problem, chastised the U.S. Food and Drug Administration (FDA) because they had received only 500 responses to a letter requesting Y2K data from 2,700 manufacturers. Getting a response rate of less than 20 percent to something that you would expect would be not only legally sensible but also morally right indicates there are still problems of awareness and competitive advantage to be worked out.

Obviously most firms, not only manufacturers, are being pretty close-mouthed about this sort of information. They fear the legal and marketing implications of saying much, if anything. With all the uncertainty about "compliance," including the lack of a standard definition, they have been afraid that whatever they said might turn out to be wrong, or their statement might be used against them in future litigation, or both. And if government agencies are having this much trouble, what kind of success are firms like yours expected to have?

It was this generally uncooperative atmosphere that resulted in hurried drafting and passage of legislation to encourage sharing Y2K information. On Oct. 19, 1998, just four months after the above event and on the first day of National Y2K Action Week, President Clinton signed Public Law 105-271, the Year 2000 Information and Readiness Disclosure Act. A compromise between Senate Bill 2392 and House Resolution 4455, and sometimes referred to as the "Good Samaritan Act," this legislation was backed by a broad-based industry working group that included the National Association of Manufacturers (NAM). The intent, according to the text of the Act itself, was "to encourage the disclosure and exchange of information about computer processing problems, solutions, test practices and test results, and related matters in connection with the transition to the year 2000."

The Act can help you in two ways:

• It protects you when you provide information to others concerning your Y2K readiness.
  
  
• It gives others the same protection in providing readiness information to you.

The Act offers some immunity to companies that want to come clean about their readiness for the millennium. Under the Act, some forms of Year 2000 statements cannot be used as evidence in Y2K litigation cases.

Statements must be made between July 14, 1998 and July 14, 2001. One provision of the law enabled you to bring your previous statements, made since Jan. 1, 1966, into compliance with the law. But that "grandfathering" provision had to be fulfilled within 45 days after it was enacted. That window expired Dec. 3, 1998. (But you may want to check out your key suppliers, customers, distributors, etc., to see what they have done in that period of time.)

The Act is generally considered to apply between firms doing business in the United States and their U.S.-based customers. There are some exceptions regarding consumers. Since it encourages use of the Internet to disseminate such information, it does create a cautionary approach for firms involved in multiple countries. What if your firm is U.S.-based but also doing business in other countries? The Act won't protect you against legal action in those countries. Or if you're based in Europe and make a statement for the U.S. market, could you still be liable in a court on your home ground?

While the Act does not require you to share any information, even about problems, it does do several things to encourage sharing:

• Protects shared information.
  
  
• Encourages using the Internet (a "Year 2000 Internet Web site") as a means of quickly disseminating information about Y2K matters.
  
  
• Protects information shared with the government in response to a "special data-gathering request."
  
  
• Creates a temporary exemption to the anti-trust laws for Y2K information sharing.

The law does this primarily by establishing two categories of information that are protected, provided they are responsible and in good faith. Those two categories are "Year 2000 statements" and "Year 2000 readiness disclosures."

The term Year 2000 statement means "any communication or other conveyance of information � in any form or medium" and covers just about every possible type of information, including:

• Assessments, projections and estimates concerning Year 2000 processing capabilities of entities, products and services.
  
  
• Plans, objectives and timetables for implementing or verifying Year 2000 processing capabilities.
  
  
• Test plans, dates, results and operational problems or solutions related to Year 2000 processing concerning testing of Year 2000 processing for products or services using products.
  
  
• For anti-trust purposes, exemption is specifically granted to share information that will avoid a failure or help correct or avoid the effects of a failure.

As you can see from the above definition of a statement, you can say just about anything under the Act. But remember, the Act only provides certain protections (this is one reason why you need to talk about your specific situation with an attorney). For example, the Act does not prevent legal action because of fraud, intentional deception or recklessness. If you have one or more contracts to provide some product or service, and your ability to fulfill that obligation is disrupted by a Y2K-related technology failure, are you guilty of breach of contract? The Act is intended to protect you from having a statement used against you when you are exercising "due diligence" in Y2K preparations and make an honest statement about those preparations. There will almost certainly be other evidence of what you are doing, including the documentation of your actual plan and progress. Or suppose you were to state:

"We do not believe there is a Y2K problem. Our stockholders expect us to apply their investment wisely. We feel any Y2K-related expenditures would be wasteful and therefore have no plan or program to address it."

Would your clients even continue doing business with you? Considering that the governments of most nations and the majority of large businesses are spending billions of dollars to address the issues, would such a position be defensible? (Remember, the opposite of "due diligence" is "negligence.")

Year 2000 readiness disclosures are much more tightly defined: They must be about your "entity" or products or services you offer, must be in writing and must be clearly labeled. Obviously, this is aimed at specific information relating to readiness status, whereas a statement can cover other types of information. The haziest area is in determining what is eligible for a readiness disclosure. How does a car manufacturer label a vehicle composed of minor assemblies from many manufacturers around the world? How does an integrator label products that are mostly manufactured by others?

A Year 2000 statement cannot be used as evidence of liability unless the firm making the statement knew it was false and either intended to deceive or did not responsibly ensure it was accurate. Otherwise they can be used as evidence for any purpose.

Year 2000 readiness disclosures are given greater protection in that they may not be admitted into evidence against the maker to prove the truth or accuracy of what they say, again unless the disclosure was fraudulent or in bad faith.

It's actually quite easy to provide information under the Act because it generally allows you to simply post the information to your Web site. One example is the Year 2000 Frequently Asked Questions (FAQ) at Bank of New York (http://www.bankofny.com/y2k/). But there are some cases, mostly sales offers, where written notice must be included.

The Act also covers "re-publication." This includes making or sharing statements about others. If you do this, it would probably be safest to include in such statements that the information came from the party identified in the statement, and you have not verified the contents.

Since as you know no business is an island, your firm is subject to disruptions caused by Y2K-related technology failures in your entire supply chain. This means all your business relationships on which your continued operation is dependent: suppliers, customers, financiers, etc. Major auto manufacturers — Chrysler, Ford, General Motors, Toyota and Volvo — have addressed this issue most visibly and aggressively with the Automotive Industry Action Group (AIAG) Year 2000 Program

Getting those you are dependent on to cooperate and share information with you can be difficult, though the Act should make it a little easier. One of their concerns may be what you intend to do with the information they share with you. How will you use it in telling those who need information about your readiness? Will you just use it to determine your position in a general way — "We have checked with all of our third parties and believe we are reasonably safe from disruptions caused by them, though there are inevitable uncertainties as we have not verified these statements"? Or will you merely include (re-publish) their statements in your disclosure, along with the recommended disclaimers? I would recommend two things:

1. Determine a method, one of the above two or another, that is most suitable to the speedy and effective accomplishment of your objectives.
   
   
2. Discuss it with your business attorney.

And don't forget, just because you can use a Web page doesn't mean you have to. The AIAG used a restricted access Web site, but any method meeting the basic definition of a "Year 2000 statement" would be acceptable.

For more information on the Year 2000 Information and Readiness Disclosure Act:

• Text of law: http://thomas.loc.gov/cgi-bin/query/z?c105:S.2392.ENR:
  
  
• Senate Special Committee on the Year 2000 Problem Web site: http://www.senate.gov/~y2k/news/pr100198.html
  
  
• Congressman David Dreier's Web site: http://www.house.gov/dreier/pr100198.htm
  
  
• Your corporate attorney.

This Act is a tool that may help you. A number of aspects are being heavily debated in the international legal community. This article is too short to provide more than a brief introduction to the Act. Note that I am not a lawyer, and this information is not advice but general information that may be of value in your Y2K continuity planning. Consult your lawyer for details on how you can use it to improve your Y2K business continuity.

	ABOUT THE AUTHOR
	Don Taylor is the director of Hampton Roads 2000, a technology management firm presently focused on helping firms address Y2K as a business continuity issue. He can be reached at (757) 877-4992 or by e-mail at [email protected]