RSS icon

Top Stories

Will the Year 2000 Bug Leave You Liable

November 1, 1998
Related Topics: Technology and the Law, Human Resources Management Systems (HRMS/HRIS), Featured Article
Ever since the pesky year 2000 bug (Y2K) entered the scene, the concern has surrounded potential damage to company profits and customers. But how it could hurt your employees is another whole piece of the problem. As companies look at the year 2000 issue, HR plays an important role—protecting computerized payrolls, benefits, and 401(k)s from the Y2K problem. In doing so, you’ll be protecting your company from lawsuits—current estimates are the Y2K problem will spawn $1 trillion to $3 trillion worth of litigation.

Attorneys Martin J. Stanek of Pittsburgh firm Eckert Seamans Cherin & Mellott and Sarah Lockwood Church of Sweeney Metz Fox McGrann &Schermer LLC, also in Pittsburgh, offer a checklist of HR considerations.

What are the basics of the year 2000 bug that businesspeople should understand?
Everybody starts with a description of the Y2K as being problems caused by all the computers that use two digits for years instead of four—meaning they have no year 2000 capacity, so all the clocks will turn to the year 1900 rather than 2000. Technology is so prevalent now that virtually every company on the face of the earth will have problems. And they all interact with each other, so one company’s problem could affect another company. The complications fall into three large areas.

[Pullquote] Technology is so prevalent now that virtually every company on the face of the earth will have problems.
–Martin J. Stanek, Attorney [/Pullquote]

And what are those?
One area would be your traditional computer-software and computer-hardware issues. That’s software that you have in-house that you use day to day to keep your business running. Even computer hardware that was manufactured as recently as last year could have year 2000 problems in it, [causing it not to] function after the year 2000 or not function correctly.

The second area is embedded-chip issues. With embedded chips, you’re talking about the microprocessors that are built into everything from your VCR at home to PCs to equipment on plant floors to copiers to fax machines, phone systems, security systems, elevator systems—they’re everywhere.

Last year there were 7 billion chips put into all kinds of components. These chips all have operating systems built into them. So even if they’re not obviously date-sensitive or date-functional, they can have a date problem. And uncovering embedded chips is just a nightmare because in most cases they’re built into a larger component.

What’s the third area?
If you do everything humanly possible to have every single piece of software and every piece of equipment in compliance, that’s the tip of the iceberg. But you’re dependent on every one of your vendors, as well. You really don’t have any control over those third parties. So all you can do is ask a lot of questions and figure out how you’ll deal with these third-party problems when they arise.

 For things outside your control that have an impact on HR policies, have a strategy in mind for how you’re going to deal with it.
–Sarah Lockwood Church, Attorney

What kinds of problems will surface for HR?
Lockwood Church:
Earlier this year, the Department of Labor came out with a news release that said, "Oh, by the way, employers, if you sponsor an employee-benefits plan, you have a fiduciary obligation to make sure that the year 2000 problems don’t negatively impact plan participants and beneficiaries." In other words, if your business plans get all screwed up or your administration gets screwed up, you can be liable for breach of fiduciary duty.

Did that news jolt people?
Lockwood Church:
I think businesses have been focusing on running the business. Is the plant going to shut down? What’s going to happen to the records of our customers? So this little notice that came out of the Department of Labor was kind of a wake-up call to make people focus on the things in HR they ought to be concerned about.

So how will employee benefits be affected by Y2K?
Lockwood Church:
Employee benefits are very date sensitive: date of hire, date of termination, date eligible to take early retirement, how long an employee has been able to get continuation coverage—HR has got to track all of that. With some of the new legal requirements under the Health Insurance Portability and Accessibility Act, HR now has to count how long somebody has been covered under the health care plan and give employees certificates that state the length of coverage. Then if the employee goes to another employer, he or she gets to count that against any pre-existing condition exclusion.

So both in the tax-qualifying plan area and in the health care area, there’s the necessity to keep accurate records of coverage and employment dates. And one way that HR does this is through the payroll system.

How does HR address this?
Lockwood Church:
[Ask]: Does the payroll system work? Will it feed properly into my benefits administration? What software do we develop in house? What software have we imported from outside? Has it been updated for year 2000 compliance? What outside vendor do we use to help us with our benefits administration?

What if HR wants to prevent as many problems as possible?
Lockwood Church:
Make a list of all internally developed systems—such as payroll—that you use to administer your plans or keep benefit records. Meet with your system administrators to make certain they understand the use you make of the systems. Make any changes necessary to prevent year 2000 transition problems. If replacement assistance is an option you plan to use, be aware there may not be sufficient time remaining.

How will HR know if there is enough time?
If it’s a system of any significant size, there probably isn’t time. In a lot of cases, projects take anywhere from 18 months to two years. Typically in this area, at least 70 percent of those projects go over schedule. So you’re running out of time for any problems that come up.

Lockwood Church: And the vendors are all so booked. At this point, you may not be able to find someone who can come in time to do it.

If there isn’t time to make the necessary changes, what then?
Sometimes there’s no real option. If it’s a system like payroll, and you have tens of thousands of employees, plan B may mean doing manual paycheck preparation. There’s a real need to look at this as a project-management issue that spans your whole enterprise, and a need to prioritize and figure out what to do.

Lockwood Church: The only other plan B I can think of would be if you’re doing payroll in-house, you outsource it to a vendor that will be compliant. You outsource it either while you build a new system or decide you’re going to outsource it permanently because it’s going to cost you too much to build a new system internally.

What else should HR do?
Make a list of all software packages you use to administer your plans. Review the license and support contracts to determine whether year 2000 compliance updates are necessary and when they will be provided. You should also verify compliance with your own testing—something you’d probably have to do with the IS department.

Right now everybody’s sending out vendor questionnaires saying, "Is the stuff you gave us compliant?" One client of ours decided to independently test some of its vendor responses that indicated everything was OK. Ninety percent of the services and products that were warranted to be year 2000 compliant were not.

Lockwood Church: Basically it means going into your system ... saying, "Let’s pretend the clock has just turned over, and let’s calculate somebody’s benefits." So you move the clock ahead in the system and see how it works. In most cases it doesn’t.

But IS should be involved?
You really need to know what you’re doing because if it doesn’t work, you’ve locked everything up to the point at which you can’t get the data back, or you can’t get the clock wound back.

If you haven’t thought to back up your information onto something before that, you’re out of luck. You’ve just made a bigger problem. Testing is a very difficult thing, and it’s a case-by-case kind of a thing. It’s unique for every single component or software program.

You talked about making a list of all outside HR vendors and service providers?
Lockwood Church:
Yes, then contact each of them and ask for certification on year 2000 compliance.

Most are reluctant to provide meaningful certificates. It’s a problem because it’s not something you can legally demand. A lot of vendors look at those questionnaires and say, " If we can’t provide information that’s going to make us look good, we just won’t respond at all."

What should you do if that were the case?
Lockwood Church:
I think your only leverage is saying, "Well, we’re going to have to look for other vendors. We need to know, from a fiduciary standpoint, if you’re going to be able to stand by the year 2000 issue. We can’t put ourselves at risk by letting you continue to be our vendor when you will not assist us in this effort." Go to a company that will certify that it has solved all its year 2000 problems and that there will not be any interruption in the provision of benefits to your employees.

Stanek: But remember that your company can only control a very small part of this problem. Any vendor that’s telling you it’s compliant is also probably only talking about the very small part of its own problem that it can control.

What would be a problem it couldn’t control?
Lockwood Church:
If you outsource your payroll and there’s no electricity in the part of town where your payroll outsourcing agent has operations, that’s outside your [and its] control. But had the vendor had power, it would be year 2000 compliant.

And problems don’t end with vendors, right?
Lockwood Church:
There was some legislation introduced back in April. It actually added a new section to ERISA that said, "You’re not going to fulfill your fiduciary duties unless you know that all of the issuers of securities in which you invest are year 2000 compliant," which puts a big burden on the plan sponsor. [As of press time, this piece of legislation hasn’t moved.]

HR has to say: "Okay, we’ve got [pension funding] through stock in IBM. Is IBM compliant? I’ve got stock in other companies—how are they going to comply?"

How do you find that out?
Lockwood Church:
There was a bulletin issued in January 1998 saying public companies have to disclose what they’re doing about the year 2000 bug, and whether they think it will have an adverse effect on their company.

If they can’t answer those questions, [the unanswered questions are] what they have to put in the file—that they haven’t done enough work to know. So the first step is to look at that. But then you’ve got to document that you looked at it. The whole problem is nobody knows what’s going to be adequate due diligence in this area.

What would you suggest as a baseline?
Document all your due-diligence efforts. You may be called upon in the future to substantiate that your compliance efforts satisfied a due-diligence standard. Without documentation, that may be impossible.

If there’s a plan committee in charge of administering your plans, make certain committee minutes reflect a discussion of the year 2000 bug and the steps taken to ensure compliance. Also, be sure committee members aren’t simply relying without question on reports being given to them.

But I don’t think the standard will be that you have to avoid year 2000 problems altogether to be free of liability. I think the standard will be that you have to be reasonable and make a good-faith effort to avoid the problems or be ready for them and deal with them effectively.

What other potential problems will Y2K create that fall into the realm of HR?
Lockwood Church:
Failures in the HR area can include cars that have onboard computers that fail; employees can’t get to work because their car legitimately would not bring them in. Mass-transit systems that people rely on to get to work may not operate for days.

One of the most important things you can do is provide some sort of backup system of how you’re going to deal with failures. Are people going to be docked pay for these problems? For things outside your control that have an impact on your HR policies—your absentee policies and so forth—have a strategy in mind of how you’re going to deal with it. For example, should employees be charged with vacation?

Any last advice?
Review your fiduciary policy to determine if it will cover year 2000 claims. Insurance, in general, will be the source of a tremendous amount of litigation—with coverage issues very uncertain today.

The information contained in this department is intended to provide useful information, but should not be construed as legal advice or a legal opinion.

Workforce, November 1998, Vol. 77, No. 11, pp. 103-106.

Recent Articles by Gillian Flynn

Comments powered by Disqus

Hr Jobs

View All Job Listings