More legal mumbo-jumbo

I was going to leave the issue of Y2K with this column and move on to the next subject on my list (e-business and e-commerce), but a plethora of e-mails has prompted me to add a few more items to this subject. One of my previous columns discussed the legal ramifications of Y2K on VARs and developers, and that column accounted for the majority of e-mails from readers. Many asked questions I didn't have answers for, so I turned to a few legal resources to dredge up answers. Herewith the results of those discussions.

The first issue of concern for many VARs and developers is whether they are legally responsible for anything they do directly, or install from another vendor. As you might expect, the answer is "maybe". First, some clarifications are in order before answering that question. If a reseller, developer, or manufacturer claims that their product is Y2K compliant, they are legally liable for any problems that arise. If you have resold or installed one of those products as part of your business, you can be held responsible for not ensuring the products are what they claim they are. However, since the vendor is the one making the claims, it is they who are responsible for any problems you incur. Second, if someone sells a product they know will cause problems in 2000, especially in the last few years when Y2K is a major concern, they are liable for negligence (or worse, fraud). Third, if any consultant or other body certifies software or hardware as Y2K, they are liable for the damages if the product turns out to be buggy. Fourth, if you make any claims about Y2K compatibility or compliance, you are held accountable for the accuracy of that statement (so check first!).

The upshot of all this? Many companies now label their products as safe for the roll-over. If those products are involved in your installation or project, then you can rightly pass on those claims to your customers. You should not make any claims that you cannot support, much less deliberately mislead a customer into thinking there are no problems with your work, because you will be held liable. Since many vendors of software and hardware refuse to label their products Y2K compliant, what can you do to protect yourself? The best approach seems to be to be honest with the customers and make clear the fact that you have no specific information about Y2K compatibility. You can test the system yourself and pass the results (hopefully positive) along to your customers, but do not claim the product is Y2K compatible or you are liable if it isn't. I've had many requests for paragraphs of text that can be put into contracts and warnings to get VARs off the hook in case of problems, but no legal person I spoke to thought this was a good idea, as it involves many pages of text. Instead, be honest with your customers and let them know what you know (or don't know). The risk of an expensive lawsuit should outweigh the potential loss of sale in some cases.

A few side issues arose during my discussions. Suppose you have customers with software or hardware that is a problem for Y2K, and they need to upgrade to a later version to fix the problems. Are you liable for the costs of the upgrade? The answer seems to be no. As long as you make it clear to the customer that an upgrade is necessary to provide Y2K compliance, you are safe. If they don't upgrade, it's their fault. However, notice must be well in advance (not Dec of this year) and must be clear as to why the upgrade is necessary. If the customer just bought the product, then you will have to make some accommodation with them, as they justifiably had the expectation any recent purchase would be Y2K compatible. However, if the software or hardware is more than a year or two old, you would seem to be safe although there is always the issue of misleading the customer and fraud, as you'll see in a moment. Just telling a customer they may have Y2K problems is not a safe way out of your liability.

Are you responsible for making existing systems Y2K compliant if you installed or developed them? What if the warranties have expired? The legal consensus seems to be that if the customer has a warranty or maintenance agreement, the agreement should cover any Y2K issues. It's up to you to make sure the customer's products are Y2K compliant. However, if the products or services are out of warranty, we get into conflicting opinion. First, since the warranty has expired, you might think you're safe. However, the customer can always plead fraud, which does not cease to be an issue when the warranty expires. In the U.S. fraud has a statue of limitations of seven years. No such protection in Canada! If the customer believes they were misled, you can be on the hook. However, if you diligently notify the customer that their out-of-warranty product is not Y2K compliant, then you're back to the argument in the previous paragraph. In most cases, my legal sources agree, regardless of the warranty, the vendor is legally responsible. If you resell, you can be held partially liable, although the manufacturer of the software or hardware will bear the brunt of the blame. Custom software you've developed, of course, is all your own problem.

Finally, what about insurance for Y2K issues? Well, for the most part, forget it. Most insurance companies have very quickly amended their policies to exclude any Y2K problems from your coverage. The exact wording and impact depends on the insurance company. Some don't cover any problems you experience because of failure of your own computer systems. Some expand the exclusion to include liability for anything you've installed for customers. So, don't assume your liability insurance will hold up under a lawsuit: insurance companies didn't get rich by taking on known risks. Check your policy carefully and talk to your agent to find out exactly what is and isn't covered.