Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

The millenium issue [1998] PLBIRp 6; (1998) 44 Privacy Laws and Business International Report 8

Make your data secure before the millenium bug bites UNLESS PRECAUTIONS ARE TAKEN, computer software

and hardware malfunctions will occur at the turn of the century. If personal data becomes inaccurate because of technical problems, companies will be breaching the data protection laws, and may face litigation from data subjects.

The year 2000 problem has been widely recognised, but are data pro- tection managers aware of the risks that the millenium bug can have on the management of personal data? While large corporations have IT departments to deal with the milleni- um question, how can small and medium-sized businesses make sure that their data processing will not be affected? Also large corporations often depend on small businesses as their suppliers.

The millenium problem results from old computer system design. have not assessed their sys- tems should do so immediately. Companies that could not conduct business without the help of comput- ers face the greatest risk.

Large companies have generally made good progress and many aim to be year 2000 compliant by the end of

1998. Even though for some compa- nies the year 2000 issue may be their biggest IT project ever, many have accepted that systems have to be reviewed at any cost. It is the smaller companies, however, that have not necessarily taken any action yet. some PC programmes that still use only two digits for dates. Interestingly, not even the leading software house, Microsoft Corp- oration, has completely managed to avoid the year 2000 issue. It announced in April that three of its core products, Office Professional 4.3, Word for MS DOS 5.0, and Access

2.0 are not year 2000 compliant.

If time is running short, attention should first be paid to operations that are critical to the business. This includes reviewing contracts with suppliers and companies providing

In the 1950’s and 1960’s, program- mers tried to save some memory by support services. It is essential to carry out a thorough evaluation of

using only the last two digits of the year. Numbers 69 marked 1969 etc. However, with the year 2000, the computer systems will be puzzled as these two digits will be 00. The machines could interpret the two zeros as either 1900 or 2000.

If the millenium problem is not tackled, numerous functions that we rely on in our every-day life will start to go wrong. For example, it may be impossible to collect the right amount of pension because the computer may wrongly interpret your date of birth. Even things like traffic lights or car park barriers could fail to operate correctly as they include functions which rely on hardware and software that use date references.

ACTION RECOMMENDED NOW

As the magic date is only some eight- een months away, companies that The main task is to make sure that all the company’s software and electronic systems containing an embedded computer chip1 are milleni- um compliant.

It can be assumed that most new software is fine. There are, though, many mainframe programmes and

what action is taken by the organisa- tions your company deals with. Unless they also become millenium compliant, your organisation could be in trouble, regardless of the efforts made in-house. However, customers should not be forgotten. In order to make sure that customers will not be affected by the millenium problem, programmes and databases that use personal data need to be checked.

CONSIDER COSTS AN INVESTMENT IN THE FUTURE

The technical solution to the milleni- um problem is not too complicated. Large costs could be incurred on the time spent reviewing all systems and testing them afterwards. However, costs should be bearable if they help to avoid more serious effects, which could include hospitals losing patient data, banks losing mortgage interest

because of incorrect dates, or travel companies making incorrect passen- ger bookings.

Companies also need to recognise that many losses resulting from mille- nium problems may not be covered by existing insurance policies if precautions have not been taken. Special year 2000 insurance policies are available.

THREAT OF LITIGATION KEEPS COMPANIES ALERT

The high risk of litigation from other companies and data subjects cannot be ignored. Data protection managers should be aware that data subjects may make civil claims for compensa- tion if their personal data is found to be inaccurate.

In the USA, companies are already taking matters into the courts. A food retailer called Produce Palace International is one of the first US companies seeking a settlement for a millenium-related problem. The company purchased a cash register system from Tec-America which failed to recognise credit cards that expired in the year 2000 or later, and is now hoping to receive huge com- pensation from the supplier. Produce Palace was already offered $260,000 as a settlement, but it rejected the offer. Many US states are currently in the process of introducing state legis- lation which will limit public sector liability for computer errors due to the year 2000. In California, there are also initiatives to introduce these

measures into the private sector.

BRITISH MP PROPOSES LEGISLATIVE MEASURES

It is generally thought that Europe is behind America in ensuring milleni- um compliance. According to a report by Cap Gemini’s Year 2000

Services, there is a particular need for the Netherlands, Belgium and Finland to catch up. In the UK, recent initiatives include a Millenium Conformity Bill, proposed by MP David Atkinson and presented to the House of Commons at the end of March. The Bill would introduce criminal sanctions for misleading consumers into believing that a product is millenium compliant, and would require every company to provide information about its level of compli- ance by 1st October 1999.

EXAMPLE OF GOOD COMPLIANCE: SAINSBURY’S

The UK based supermarket chain, Sainsbury’s, started preparing for compliance back in 1995. As Sainsbury’s customer services depend on computers and electronic controls, it was essential to start preparing early. The company also holds a large database containing the personal data of its Reward card customers.

One of the first tasks was to change systems to be able to handle credit cards that expire after 1999. This precaution was taken as it was anticipated that there could be prob- lems during 1999.

Sainsbury’s year 2000 compliance project has cost £400 million. It has been well staffed with 170 people working in the UK, and it is expected that, by October, all business systems, which mainly include software, will have been reviewed. The second part of the project involves reviewing the infrastructure, for example the functioning of automatic doors, which is planned to be completed early next year.

Apart from identifying the steps that need to be taken within the company, Sainsbury’s also established a helpline for its suppliers, and made some information public to other companies. The idea for information sharing was introduced by a govern- ment initiative called Action 2000 which encouraged large companies to share their knowledge with small and medium sized businesses. It was found that small businesses need, in particular, to ensure that their data- base programmes are written correctly.

WHERE TO GO FOR INFORMATION

There is a wealth of information on year 2000 issues on the Internet. In the UK, both the Central Computer and Telecommunications Agency

(CCTA) and the British Computer Society (BCS) offer advice in the form of booklets. The BCS’s publication is called The year 2000 – A practical guide for professionals and business man- agers. The two volumes cost £30 for non-members.

The CCTA’s guide, Tackling the year 2000, comes in six parts and can be purchased for £295. The CCTA estimates that each volume will save organisations a day’s consultancy fees. To find someone to review your company’s computer and electronic systems is now proving to be difficult as most consultants dealing with year 2000 problems have been booked years ago.

1 Embedded systems exist in

all computers. They are used to control and monitor processes and machinery.

i

For year 2000 information on the Internet, look at

www.ccta.gov.uk/mill/cct_gui.htm, and www. bcs.org.uk. For more information about the Action 2000 project which provides information on the millenium question for

UK small and medium sized

businesses, Tel: 0845 601 2000.