At the same time that businesses have been furiously ensuring that critical computer systems are Y2K-ready and making contingency plans for the possibility that they are not, Congress and the legislatures of practically every state have been considering draft legislation to address the Y2K issue. Legislators have been struggling to determine whether and to what extent the anticipated risk of Y2K litigation is so unique a problem that it cannot be adequately integrated into existing substantive legal rules and dispute resolution mechanisms. Legislators have also been trying to create an appropriate series of incentives for businesses to ensure that they are Y2K-ready, without cutting off remedies for those consumers who are in fact damaged by a business's failure to be Y2K-ready. While fear of business disruptions -- and the litigation that will almost inevitably arise as a result -- have motivated entities to undertake efforts to become Y2K-ready, it remains to be seen whether legislation will grant them additional protection from lawsuits for having made a reasonable, but ultimately failed, effort to become Y2K-ready.
This memorandum summarizes the major pieces of Y2K-related legislation that are currently pending before the 106th Congress and the general trends reflected in pending state legislation addressing Y2K. Proposed federal legislation is evolving rapidly, and it is becoming increasingly likely that at least some of the procedural and substantive changes described below will become law during the next few months of 1999. There are several high-profile pieces of federal legislation, and Y2K reform is said to be among the Senate's top priorities. Recently, the Senate's Special Committee on the Year 2000 Technology Problem, co-chaired by Senator Robert F. Bennett of Utah and Senator Christopher J. Dodd of Connecticut, issued a comprehensive report detailing the Committee's investigation of the Y2K problem and its impact on numerous sectors of the economy and concluded, among other things, that most affected industries and organizations have started their remediation efforts too late. The report is likely to further spur federal efforts to pass Y2K legislation.
Even if broad federal legislation does become law in the next several months, it appears unlikely that federal legislative efforts will entirely preempt the field of substantive Y2K regulation. As a possible consequence of a dizzying array of proposed state legislation -- nearly every state either has passed (1) or is currently considering Y2K-related legislation -- there will certainly be variations among different states, thereby creating Y2K litigation "havens" for certain plaintiffs and/or defendants.
I. Federal Legislation
A. Year 2000 Readiness and Responsibility Act
The first piece of proposed federal legislation is the Year 2000 Readiness and Responsibility Act, H.R. 775, 106th Cong. (1999) (the "Readiness Act"). This legislation was introduced in the House on February 23, 1999, by, among others, Representative Thomas M. Davis III of Virginia. (2) The bill has the support of a large number of trade associations, including the U.S. Chamber of Commerce, the National Association of Manufacturers, the Semiconductor Industry Association, and the Information Technology Association of America. It is the most dramatic and far-reaching federal legislation regarding the Y2K problem to date; at practically every turn, the Readiness Act removes Y2K litigation from existing procedural mechanisms and substantive legal rules, and commits them to an entirely new dispute resolution regime.
Application: The Readiness Act would apply in any "year 2000 action," defined as "any civil action of any kind brought in any court under Federal or State law" in which a "year 2000 claim" is asserted or in which any claim or defense, other than one for personal injury, is related to an actual or potential "year 2000 failure." Readiness Act §§ 3(11), (12). A "year 2000 claim" is any claim, other than one for personal injury, in which the loss or harm resulted from an actual or potential "year 2000 failure," i.e., a failure by any device system, software, or firmware, in "processing, calculating, comparing, sequencing, displaying, storing, transmitting, or receiving date-related data." Id. § 3(13).
Prelitigation Procedures: The Readiness Act provides for two mechanisms to divert year 2000 actions from the courts. First, prior to initiating any action for damages, a plaintiff would have to provide all prospective defendants with written notice of the symptoms of a material defect (3) alleged to have caused the plaintiff's injury, the nature of that injury, facts as to why the plaintiff would hold each particular defendant responsible for the defect and injury, and the relief sought. Id. § 101(a). The prelitigation notice would commence a 90-day period in which no court action could be initiated. Id. Within 30 days of receipt of the notice, each prospective defendant would have to respond and describe the actions it will take or has taken to address the problems identified in the prospective plaintiff's notice. Id. § 101(b). During the 90-day period, either party may request that the matter be submitted to some form of alternative despite resolution, but such submission would not be mandatory. Id. §§ 102(a)(1), (2).
Pleading in Year 2000 Actions: The Readiness Act divides Y2K litigation into contractual matters, non-contractual matters, and class actions, each of which is treated separately by the bill. Applicable to all year 2000 actions filed in court, however, are specific pleading requirements. The plaintiff would have to specify in a complaint: (1) its damages, both the amount and the factual basis for calculation thereof; (2) the Y2K defects and why they are material; and (3) the defendant's state of mind. Id. § 103. All of these must be pled with "particularity." Where state of mind is at issue, a plaintiff must state "facts giving rise to a strong inference that the defendant acted with the required state of mind," a pleading standard derived from the Private Securities Litigation Reform Act of 1995, specifically section 21D(b)(2) of the Exchange Act of 1934, 15 U.S.C. § 78u-4(b)(2). Like the 1995 securities litigation reform statute, discovery in year 2000 actions would generally be stayed while a motion to dismiss is pending. See Readiness Act § 103(d)(2).
The Readiness Act would also create an absolute bar to recovery if a plaintiff did not reasonably take steps to mitigate its injury, and the damages awarded in any action shall exclude "any amount that the plaintiff reasonably could have avoided" in light of the disclosure and other information of which the plaintiff was or reasonably could have been aware. Id. § 104.
Contractual Matters: In year 2000 actions involving contracts, any uncertain contractual terms or issues not governed by the contract are generally to be resolved by reference to the law in force at the time the parties entered into the contract. See, e.g., id. §§ 201(1), 203; see also id. § 202(b) (providing that applicability of doctrines of impossibility and commercial impracticability shall be determined by law applicable as of Jan. 1, 1999). The Readiness Act would also permit defendants to offer evidence that their implementation of the contract at issue was reasonable, although it is unclear whether this provision creates a defense or merely preserves any state law defenses. Id. § 202(a).
Non-Contractual Matters: The Readiness Act would make it substantially more difficult for plaintiffs to prove tort damages, and, even if damages are proven, the legislation would cap such damages.
If a non-contractual claim includes as an element the defendant's awareness of an actual or potential year 2000 failure, in order to establish that element, the plaintiff would have to prove by clear and convincing evidence that the defendant knew, or recklessly disregarded the risk that the year 2000 failure would occur. Id. § 302(a). If a non-contractual claim includes as an element the defendant's awareness of actual or potential harm to the plaintiff, the plaintiff would again have to prove by clear and convincing evidence that the defendant knew, or recklessly disregarded a known and substantial risk that the plaintiff would suffer such harm. Id. § 302(b). For all non-contractual claims, a plaintiff would have to prove by clear and convincing evidence that the defendant knew or should have known that its actions would cause harm to the plaintiff, i.e., that the harm was foreseeable. Id. § 302(c). (4) Even if a plaintiff could prove the necessary elements, a defendant would have available as a complete defense (other than to a claim for breach of contract) the fact that it took reasonable measures to prevent the year 2000 failure or any resulting damages. Id. § 303(2).
With respect to damages, a plaintiff asserting a claim in tort would not be able to recover economic losses unless the plaintiff established that such recovery is provided for in a contract or that the losses are incidental to an injury to a person or property (other than the property that is the subject of a contract). Id. § 305(a). Punitive damages would be available only if a plaintiff proves that a defendant intended to injure the plaintiff, id. § 304(b), and would be paid not to the plaintiff, but rather into a fund to be used to assist small businesses, state and local governments, and non-profit organizations affected by Y2K failures, id. § 304(a).
Class Actions: The Readiness Act would set up substantial barriers to the maintenance of year 2000 actions as class actions, and would funnel such actions into federal court. Among the numerous mechanisms are: (1) a requirement that the court determine early in the action that the alleged Y2K defect is material as to a majority of the members of the class, id. § 401; (2) a strict actual notice requirement with specified contents to the notice, id. § 402; (3) lower barriers to the maintenance of year 2000 class actions in federal court, id. § 404(b), but provisions for abstention by district courts for certain cases, e.g., low-value cases or geographically concentrated classes, id. § 404(b); (4) removal of year 2000 class actions to federal court, id. § 404(e); and (5) transformation by a federal court of a removed class action into an individual action and remand to state court if the court finds a lack of diversity jurisdiction, id. § 404(f).
Attorney-Client Relations: Finally, the House Readiness Act, but not the Senate Fairness Act, sets forth strict requirements regarding attorney-client relationships. The Readiness Act would provide for substantial limits on attorney's fees in class actions, specifically the lesser of one-third of any recovery or the amount calculated at capped hourly rates. Id. § 503. The Readiness Act also would require that attorneys transmit to clients certain information about fees, settlement proposals, and hours expended by the attorney on the matter. Id. §§ 504-506. The latter provisions would apply to both plaintiff and defense counsel.
Administration and Other Reactions to Fairness Act: In testimony before the Senate Judiciary Committee on March 1, 1999, the Department of Justice ("DOJ") expressed serious reservations about the constitutionality of some provisions of the Fairness Act and about the wisdom of some of the policies embodied in that proposed legislation. Principal among its criticisms, DOJ expressed concern that, to the extent the Fairness Act would alter contractual obligations by creating additional defenses, see Fairness Act § 202, the Fairness Act may be considered a violation of the Takings Clause of the Fifth Amendment. DOJ also raised the issue of whether, as a matter of federalism, it was possible for Congress to prevent state legislatures and courts from modifying their own substantive law in light of the Fairness Act's mandate that substantive state law be applied as it existed on a particular date. See id. §§ 201-203. More generally, DOJ questioned whether the Fairness Act would protect businesses and individuals from frivolous year 2000 actions without foreclosing legitimate claims, and whether the Fairness Act would provide sufficient incentives to businesses and individuals to prevent Y2K failures before they occur.
The Judicial Conference of the United States, the principal policy-making body of the federal court system, has also criticized the provisions of the Fairness and Readiness Acts, as well as those of the Y2K Act, discussed below, that would expand federal jurisdiction over Y2K class actions, and thereby potentially overwhelm already heavily burdened federal courts. See Administrative Office of the U.S. Courts, News Release at 2 (dated Mar. 16, 1999).
In response to these and other criticisms, see generally Stephen Barr, Senate Panel's Liability Bill Faces Strong Opposition, Wash. Post, March 26, 1999, at A31, several major changes were made to the Senate Fairness Act at a mark-up session held on March 25, 1999, including: (1) reworking the timing of the prelitigation and "cooling off" procedures; (2) clarifying that the statute would apply to the federal government where it does not act in its, regulatory, supervisory, or enforcement capacities; (3) retaining, in modified form, a plaintiff's duty to mitigate its damages; (4) clarifying that contracts, including provisions limiting liability, would be fully enforceable, except where they were contrary to a state statute in force as of January 1, 1999, and (5) emphasizing the economic loss rule embodied in section 305 of the Fairness Act. See S. 461, §§ 3(11)(B), 101, 104, 201, 301 (as amended Mar. 25, 1999).
B. Y2K Fairness in Litigation Act
Perhaps in response to the perceived breadth of the Fairness and Readiness Acts, on March 25, 1999, Senator Dodd and Representative Anna Eshoo of California introduced in both the Senate and the House the Y2K Fairness in Litigation Act, S. 738, 106th Cong. (1999); H.R. 1319, 106th Cong. (1999) (the "Fairness in Litigation Act"). The Fairness in Litigation Act retains the provisions of the original Readiness and Fairness Acts relating to prelitigation procedures, heightened pleading requirements, and a duty to mitigate damages. See Fairness in Litigation Act §§ 101-104.
With respect to actions involving contracts, the Fairness in Litigation Act retains most of the provisions of the Readiness and Fairness Acts, except the explicit limits on punitive damages. Compare Fairness in Litigation Act §§ 201-202 with Readiness Act §§ 201-203 and Fairness Act §§ 201-203.
With respect to non-contractual matters, the Fairness in Litigation Act would mirror the Readiness and Fairness Acts' provisions regarding proportionate liability, proving a defendant's state of mind, proving foreseeability, a defense of reasonable efforts, and the limitation of damages to economic losses. The Fairness in Litigation Act does not retain, however, the added "state of mind" elements for tort claims, the limit on punitive damages, or the limit on the liability of corporate officers and directors. Compare Fairness in Litigation Act §§ 301-304 with Readiness Act §§ 301-306 and Fairness Act §§ 301-306.
Finally, the Fairness in Litigation Act retains none of the provisions of the Readiness and Fairness Acts regarding class actions, federal jurisdiction, or attorney-client relations, except the requirement that a Y2K defect be material as to a majority of the members of a class. Compare Fairness in Litigation Act § 401 with Readiness Act §§ 401-508 and Fairness Act §§ 401-404.
C. The Y2K Act
On January 19, 1999, Senator John McCain of Arizona introduced the Y2K Act, S. 96, 106th Cong. (1999). As originally introduced, the bill provided for substantial limits on damages in actions for Y2K-related failures, and for specific rules for recovering against sellers, renters, and lessors of "information technology products." On March 3, 1999, the proposed Y2K Act was substantially marked up to close the gap between the Y2K Act, the Readiness Act pending in the House, and the Fairness Act pending in the Senate. On March 10, 1999, the Y2K Act was reported out of the Commerce, Science, and Transportation Committee and is scheduled to be voted upon in the Senate sometime in the near future. On April 22, 1999, the Senate Commerce Committee again marked up the Y2K Act.
Application: The Y2K Act would apply to any "Y2K action," defined as "a civil action commenced in any Federal or State court, or an agency board of contract appeal proceeding, in which the plaintiff's alleged harm or injury resulted directly or indirectly from an actual or potential Y2K failure, or a claim or defense of a defendant is related directly or indirectly to an actual or potential Y2K failure." Y2K Act § 3(1)(A). A Y2K action includes a civil action commenced by a governmental entity when acting in a commercial or contracting capacity, but does not include an action brought by a governmental entity acting in a regulatory, supervisory, or enforcement capacity. Id. §§ 3(1)(B), (C). This definition correlates roughly with the definitions in sections 3(11) and 3(12) of the Readiness Act. A "Y2K failure" is defined as a failure by any device, system, software, or firmware, to "process, to calculate, to compare, to sequence, to display, to store, to transmit, or to receive year-2000 date-related data, including failures (A) to deal with or account for transitions or comparisons from, into, and between the years 1999 and 2000 accurately; (B) to recognize or accurately to process any specific date in 1999, 2000 or 2001; or (C) accurately to account for the year 2000's status as a leap year, including recognition and processing of the correct date on February 29, 2000." Id. § 3(2). This definition correlates with the definition of "year 2000 failure" under the Readiness Act. See Readiness Act § 3(13).
The Y2K Act would apply "to any Y2K action brought in a State or Federal court after February 22, 1999, for a Y2K failure occurring before January 1, 2003" and would preempt any state law regarding recovery for harm caused by a Y2K-related failure to the extent state law is inconsistent with the Y2K Act. Y2K Act §§ 3(1), 4(e). The Y2K Act does not apply to a claim for personal injury or for wrongful death. Id. § 4(c). In any Y2K action, any written contractual term, including a limitation or an exclusion of liability, or a disclaimer or warranty, shall be strictly enforced unless the enforcement of that term would manifestly and directly contravene applicable state law embodied in any statute in effect on January 1, 1999, specifically addressing that term. Id. § 4(d).
Limits on Damages: The Y2K Act provides that in any Y2K action in which punitive damages are permitted by applicable law, the defendant shall not be liable for punitive damages unless the plaintiff proves by clear and convincing evidence that the applicable standard for awarding damages has been met. Id. § 5(a). It would also cap any punitive damages at the greater of three-times actual damages or $250,000. Id. § 5(b)(1). If punitive damages were to be awarded against someone sued in his or her individual capacity whose net worth is less than $500,000, or against an unincorporated business, partnership, corporation, association, organization, or unit of local government with fewer than 25 employees, the amount would be capped at the lesser of three-times actual damages or $250,000. Id. § 5(b)(2).
In addition, any damages awarded would exclude damages that a plaintiff could reasonably have avoided based on information it had or should have had, including information disseminated by the defendant. Id. § 9. Finally, liability under the Y2K Act could be several, but not joint, and would be proportionate based on fault. Id. § 6. The only exception to this rule is if the jury determines that the defendant acted with specific intent to injure the plaintiff or knowingly committed fraud. Id. § 6(c). The Y2K Act also provides a mechanism for the plaintiff to seek from all defendants their share of any uncollectible share for which another defendant is liable, id. § 6(d), and for a right to contribution among defendants in certain limited circumstances, id. §§ 6(d), (e) ,(f).
Prefiling Notice: Like the Readiness Act, the Y2K Act would provide that before filing any Y2K action, a plaintiff would have to provide all prospective defendants with written notice of the "manifestations of any material defect alleged to have caused harm or loss," the harm or loss allegedly suffered, the remedy sought, the basis for the remedy, and the identity of the plaintiff's representative who could negotiate a resolution of the dispute. Id. § 7(a); compare id. with Readiness Act § 101. "Material defect" is defined under the Y2K Act roughly as it is under the Readiness Act. Compare Y2K Act § 3(4) with Readiness Act § 3(5). Within 30 days after receipt of the notice, each prospective defendant must send a written statement acknowledging receipt of the notice, and describing the actions it will take or has taken to remedy the problems identified in the plaintiff's notice and by notifying the plaintiff whether it would be willing to engage in alternative dispute resolution. Id. § 7(c). If the prospective defendant responds within the 30-day period, the plaintiff must allow that entity an additional 60 days to complete the proposed remedial action before commencing an action. Id. § 7(e).
If a plaintiff fails to provide the required notice or has not waited the required 60 days after receiving an acknowledgement from a defendant, that defendant can notify the court and the court will stay all discovery and the time for filing an answer. Id. § 7(f). This pre-filing waiting period requirement is subject to any contractually agreed-upon waiting period and does not preempt any State procedure with respect to ADR. Id. §§ 7(g), (h). This section does not interfere with or bar a plaintiff's right to provisional remedies. Id. § 7(i).
Pleading in Y2K Actions: Similar to the approach taken in the Readiness Act, pleading standards would be elevated under the Y2K Act. Specifically, in any Y2K action, a plaintiff would have to include with the complaint a statement of : (1) "specific information as to the nature and amount of each element of damages and the factual basis for the damages calculation"; (2) "specific information regarding the manifestations of the material defects and the facts supporting the conclusion that the defects are material"; and (3) "facts giving rise to a strong inference that the defendant acted with the required state of mind," if state of mind is relevant to the plaintiff's cause of action. Id. § 9.
Contract-Related Claims: In general, contract terms in Y2K actions, including limitations or exclusions of liability, would be fully enforceable, unless the court were to determine that the entire contract is unenforceable. Id. § 4(d)(1). Issues on which a contract is silent would be interpreted under the law in force at the time the parties entered into the contract. Id. § 4(d)(2).
Damages for contract claims would not include any type of damages, including consequential or punitive damages, unless provided for by contract or, if a contract is silent, by operation of state law at the time the parties entered into the contract, or by operation of federal law. Id. § 11.
Tort Claims: Tort claims in Y2K actions would be subject to several defenses and would be more difficult for plaintiffs to prove. In order to recover on a claim an element of which is the defendant's awareness of a potential Y2K failure, the plaintiff would have to prove awareness or reckless disregard of a potential Y2K failure by clear and convincing evidence. Id. § 13(a). In addition, damages for economic losses would only be available to a tort plaintiff if such losses were available under relevant state law and either were provided for by contract, or resulted directly from damage to tangible property caused by the Y2K failure (other than the property that is the subject of the contract). Id. § 12(a). The Y2K Act defines "economic loss" to be any damages other than those awarded to compensate an injured party for losses to tangible property. Id. § 12(b).
Liability of Officers and Directors: The Y2K Act limits the personal liability of any officer, director, trustee, or employee of a business or entity acting in that capacity to no more than the greater of $100,000 or the amount of pre-tax compensation received by that officer, director, trustee, or employee during the 12 months preceding the act or omission for which liability is imposed. Id. § 14(a). This limitation does not apply if it is found by clear and convincing evidence that the officer, director, trustee, or employee made statements intended to be misleading regarding any Y2K problem. Id. § 14(b).
Class Actions: Like the Readiness Act, the Y2K Act would change substantially the procedural rules for maintaining class actions. First, such an action would only be maintainable as a class action if the alleged defect is material "as to the majority of the members of the class." Id. § 16(a)(2). Second, the Y2K Act requires that notice shall be given by mail to each individual member of the class and shall provide specific information about the case, including the fee arrangements with counsel. Id. § 16(b). Third, the Y2K Act would make it easier to maintain Y2K class actions in federal court under diversity jurisdiction if the amount in controversy is greater than $1,000,000. Id. § 16(c). This expanded jurisdiction would not apply if a substantial majority of the members of the proposed plaintiff class are citizens of a single state; the primary defendants are citizens of that state, and the claims asserted will be governed primarily by the law of that state. Id. § 16(c)(2).
In the Senate committee report on the Y2K Act, S. Rep. No. 106-10 (1999), Senator Ernest F. Hollings of South Carolina offered several major criticisms of the initial mark-up of the Y2K Act. Generally, Senator Hollings finds the Y2K Act excessively in favor of large defendants, to the detriment of small businesses and consumers, and that the legislation targets not only frivolous lawsuits, but also too many potentially meritorious lawsuits. Furthermore, Senator Hollings suggests that the Y2K Act will confuse, rather than clarify, Y2K-related litigation and accordingly, will promote, rather than reduce, such litigation. Finally, Senator Hollings fundamentally rejects the notion that shielding an entity from liability for not becoming Y2K compliant can inspire it to become compliant and "find[s] it unacceptable that Congress should pass laws to shield an entity either from liability for wrongful acts it already has committed, or from liability it might face for not doing what it is obligated to do." Id. at 8-14.
D. Year 2000 Consumer Protection Plan Act
On January 6, 1999, Representative Donald A. Manzullo of Illinois introduced the Year 2000 Consumer Protection Plan of 1999, H.R. 192, 106th Cong. (1999) (the "Consumer Protection Plan Act"). The principal innovations contained in this bill are limitations on the amount of damages for Y2K-related computer failures and procedural changes in litigation involving such failures.
Application: The Consumer Protection Plan Act would apply in all civil actions, wherever brought, seeking damages caused by a "year 2000 processing" failure, except for actions initiated by a "Federal, State, or other public entity, agency, or authority acting in a regulatory, supervisory, or enforcement capacity." Id. §§ 2(1), 3(a). "Year 2000 processing" is defined as "the processing (including calculating, comparing, sequencing, displaying, or storing), transmitting, or receiving of date data from, into, and between the 20th and 21st centuries, and during the years 1999 and 2000, and leap year calculations." Id. § 2(4). Significantly, however, the bill would not apply to any action arising out of an "express written contract." See id. § 5; see also id. § 2(3) (defining express written contract). Under this provision, the bill could be read not to apply to any action between parties to an express written contract, even if the action includes non-contractual causes of action. The bill is also not clear whether a standard consumer warranty and/or shrink-wrap license would be covered by the statutory definition of an "express written contract" and, therefore, not governed by the Consumer Protection Plan Act.
Alternative Dispute Resolution and Limits on Class Actions: All civil actions in which a plaintiff seeks damages caused by a year 2000 processing failure, disruption, or error would be referred by the court to a "mandatory arbitration proceeding." Id. § 3(b). The Consumer Protection Plan Act does not clearly indicate whether the arbitration would be binding, nor does it express any preference regarding the form the arbitration proceeding would take. Furthermore, the bill does not indicate whether the arbitration award would need to be enforced in a court, or whether it would be subject to any judicial review. Regarding class actions, the bill would require that all class actions for Y2K-related damages be brought in the federal district court "where the failure occurred." Id. § 4. The bill is not clear whether this requirement applies only with respect to the named plaintiff or all members of a putative class.
Proof and Availability of Damages: In order to recover damages for a year 2000 processing failure, disruption, or error, a plaintiff would have to prove by a preponderance of the evidence that: (1) the failure, disruption, or error caused a loss that was foreseeable; (2) the defendant's action or inaction as an "end user" of software or hardware was unreasonable; and (3) the loss was proximately caused by the defendant. Id. § 3(c). It is unclear what exactly the bill means by requiring a plaintiff to prove that the defendant's behavior as an end user of software was unreasonable. As drafted, arguably the manufacturer or retailer who sold a product or system, but who was not an "end user" itself, would not be subject to a claim for damages if that product or system failed because of Y2K.
The only damages available in an action covered by the Consumer Protection Plan Act would be for personal injury and related injuries, wrongful death, property damage (e.g., lost profits and replacement costs), and punitive damages. Id. § 3(d). Punitive damages would only be available for willful and wanton conduct proven by clear and convincing evidence, where the damage is to other than property, and would be capped at three-times actual damages. Finally, damages would only be available against the director or officer of a corporation if he or she failed to exercise due diligence "in overseeing the direction of an act cited by the plaintiff under [section 3](c)." Id. § 3(d).
II. State Legislation
A. Scope of Liability and Availability of Damages; Affirmative Defenses
There are numerous state legislative efforts to limit the types of claims that may be asserted for Y2K-related damages, limit the availability of damages, and create affirmative defenses.
Limits on Claims and Affirmative Defense of Reasonable Efforts: By far, the most common approach to Y2K issues at the state level is to limit the potential defendants to those with whom a plaintiff has a contract, that is, to eliminate tort liability for Y2K-related failures. Another very common approach is to attach various conditions to the elimination of liability for a particular defendant. In most of these legislative efforts, the underlying principle is that those who have made reasonable efforts to protect against Y2K-related failures should be protected from at least some categories of damages under some conditions.
Examples of the different approaches are bills pending in the New Jersey and Arkansas legislatures, and the laws that have been passed in the Virginia and Colorado legislatures. The New Jersey proposal is the most simple in that it would provide that the exclusive remedy in any action resulting from computer date failure "shall be based solely in contract if the plaintiff has not suffered any personal injury, other than emotional harm, as a result of the computer date failure." A.B. 2666, § 3(a) (N.J. 1998).
Similarly, the Arkansas bill would provide for remedies solely and exclusively in contract, and, even then, a defendant would be entitled to a complete due diligence and reasonable care defense if the defendant has made reasonable efforts to inventory and identify critical systems, to identify potential failures, and to prepare and test a contingency plan. H.B. 2030, § 2, subch. 6 (Ark. 1999); see also L.B. 661, § 2 (Neb. 1999) (limiting damages to actual damages based in contract if defendant has made reasonable efforts to protect computer systems or if defendant has complied with all relevant federal laws and regulations); H.B. 76, § 2 (Vt. 1999) (providing for exclusive remedy in contract when defendant has "done everything reasonably possible to prevent the computer date failure," but not for "any person who intentionally caused the computer date failure or who was grossly negligent"); A.B. 1569, § 4 (Cal. 1999) (eliminating liability of suppliers of computer products, except in contract, if suppliers offer specified repair or replacement by certain date); A.B. 905, § 4 (Cal. 1999) (similar); A.B. 999, § 4 (Cal. 1999); H.B. 225, § 2 (Ga. 1999); H.B. 8, § 1 (Md. 1999).
Legislation signed by Virginia's governor on April 7, 1999, S.B. 983, § 1 (Va. 1999), (codified as Va. Code Ann. §§ 8.07-227.1 to 8.01-227.3), also limits claims to contract claims, and also limits the types of damages available. This statute:
Some states limit the conditions under which damages are awardable, but do not eliminate tort claims. For example, on April 5, 1999, Colorado's governor signed the Year 2000 Liability Act of 1999, H.B. 99-1295 (Colo. 1999) (codified as Colo. Rev. Stat. §§ 11-71-103, 13-21-601 to 604, 13-80-101). Effective July 1, 1999, "a business shall have no liability for damages arising out of a year 2000 failure if the business against which the claim is made has made reasonable and timely efforts to identify the potential for such failures in order to attempt to correct or otherwise avert such failures and has taken the following actions:
See id. § 13-201-604(2). Furthermore, "a business' liability for damages . . . shall not exceed the amount of actual damages." Id. § 13-201-604(1). Providing protection against damages if a business has met certain specific conditions with respect to Y2K preparation is a relatively common approach among the states. See, e.g., S.B. 80 § 3(1) (Fla. 1999); S.B. 554, § 21-102(A) (Md. 1999).
As another example of legislation that limits Y2K-related liability, a recently enacted South Dakota law, S.B. 186 (S.D. 1999), provides that "in any lawsuit based on any Year 2000 disruption, evidence of Year 2000 compliance creates a rebuttable presumption that any injury based on a Year 2000 disruption was not caused by negligence of the defendant or that, in any action based on breach of contract resulting from a Year 2000 disruption, failure to perform under the contract was not the fault of the defendant." Id. § 2. This legislation defines "Year 2000 compliance" as "reasonable consultation, assessment, analysis, testing or contingency planning in conformance with generally accepted computer or computer software standards that indicates that any computer or computer software will not suffer a material Year 2000 disruption." Id. § 1(4).
Limits on Damages and Other Affirmative Defenses: There are a number of different approaches to limiting damages. The most common are: (1) to limit potential damages to actual losses; (2) to eliminate non-economic, incidental, and consequential damages, except in cases involving personal injuries; and (3) to allow such damages only under very limited circumstances, i.e., to elevate a plaintiff's burden of proof or to create affirmative defenses. See, e.g., H.B. 1111, § 3(b) (Haw. 1999); L.B. 661, § 2 (Neb. 1999); S.B. 316, § 1 (Pa. 1999) (permitting consequential and incidental damages only if plaintiff proves fraudulent misrepresentation, intentional harm, or gross negligence); S.B. 263, § 1 (R.I. 1999); H.B. 40, § 1 (Tex. 1999) (limiting damages in claim arising out of computer date failure to "costs reasonably incurred to reprogram or replace and internally test" computer systems); A.B. 51, § 9 (Wis. 1999) (providing for consumer recovery of two-times the amount of actual pecuniary losses, plus attorney's fees).
Other proposed legislation explicitly provides for subtraction of any damages that the plaintiff could reasonably have avoided, or damages avoidable by the plaintiff upon the receipt of information required to be provided by a statute. See, e.g., S.B. 80, § 4 (Fla. 1999); S.B. 666, § 12 (Ind. 1999). Finally, a number of proposed state bills would entirely eliminate punitive damages, or subject them to a very high standard of proof. See, e.g., S.B. 80, § 4 (Fla. 1999) (limiting punitive damages to three-times compensatory damages awardable only where defendant intentionally or recklessly misrepresents its Y2K compliance); H.B. 1111, § 3(b) (Haw. 1999) (eliminating punitive damages unless defendant intended Y2K failures, fraudulently entered into agreement to remedy Y2K failures, or knowingly disseminated corrupted data without warning or without effort to correct).
In addition to the various due diligence defenses discussed above, there are a myriad of proposed affirmative defenses for specific defendants, including those who are entitled, as a matter of apparent state policy, to some higher level of protection from liability, for example, corporate officers and directors, small businesses, and providers of Y2K remediation services. One proposed Arizona statute would provide a defendant with an affirmative defense that the defendant notified the buyer of a potential Y2K failure and offered an unconditional free replacement. See S.B. 1294, § 1 (Ariz. 1999). As another example, under a proposed Alaska law, a business with fewer than eleven employees that exercised due diligence or made good-faith efforts to avoid Y2K-related damages and its board members would be immune from damages. H.B. 82, § 2 (Alaska 1999); see also S.B. 598, § 2 (Tex. 1999). Similarly, a recently passed Colorado statute provides corporate officers, directors, and employees with complete immunity if the business with which that individual is associated has made reasonable efforts to take specified corrective measures. H.B. 1295, § 1 (Colo. 1999) (codified as Colo. Rev. Stat. § 13-201-604(3)); see also S.B. 80, § 4 (Fla. 1999) (eliminating personal liability for officers and directors of businesses if they have "secured an assessment by qualified persons to determine actions necessary for the business to become year-2000 compliant" and that assessment meets certain quality standards); H.B. 1523, § 5 (Fla. 1999). Note also that there are also states that are considering legislation that would eliminate due diligence or reasonable care defenses. See, e.g., S.B. 604, § 1 (Md. 1999).
B. Financial Services Companies
There are several pending state bills that treat financial services companies somewhat uniquely. In late March, 1999, the North Dakota legislature passed and the Governor signed S.B. 2303 (N.D. 1999). That legislation provides specific defenses and protections to federally insured financial and credit union institutions, including: (1) limitation of liability to only those in privity of contract with the financial institutions, id. § 4; (2) limitation of damages to actual economic harm, id. §§ 5, 7; (3) proportional liability, id. § 6; and (4) a conclusive presumption that compliance with the regulations of a financial institution or credit union's primary federal regulator is a "good faith effort to make and implement a year 2000 readiness plan," id. § 2. See also S.B. 666, § 10 (Ind. 1999) (limiting liability of financial institutions for the failure of another business to exercise due diligence in mitigating Y2K-related damages or in being Y2K-compliant).
Under a proposed New York statute, A.B. 1949, § 1 (N.Y. 1999); S.B. 1249, § 1 (N.Y. 1999), all banks and trust companies covered by the statute would be required to provide their clients by September 1, 1999, with an explanation of the steps they have taken to avoid Y2K-related errors that may affect a client's access to accounts. Banks and trust companies would also be required to inform their clients of the procedure clients may follow if they do experience errors or problems accessing their accounts. Id. The notice would have to be in a prominent, public location and, at least once prior to September 1, 1999, the financial service company would have to enclose a similar statement in account statement mailings. Id. § 2. New York is also considering legislation that would require "any insurer who has provided a policy to an insured in this state for commercial general liability or electronic data processing coverage [to] provide notice to the policy . . . that such policy does not cover computer programming errors, such as the contingency commonly referred to as the 'year two thousand problem (Y2K)', if that is the case." A.B. 7538, § 1 (N.Y. 1999).
A proposed Connecticut statute would authorize enforcement action by the state banking commission against certain banks if they fail to develop adequate testing or contingency plans. A.B. 6671, § 1(b) (Conn. 1999).
Finally, a proposed California statute would require financial institutions that have a year 2000 problem, as defined, which "results in a consumer being subject to any fee, charge, or penalty from a third party . . . to pay the fee, charge, or penalty, or reimburse the consumer for the fee, charge, or penalty." S.B. 317, § 1(d) (Cal. 1999).
C. Limits on Self-Help Remedies and Penalties Against Consumers
There are several state efforts to prevent creditors from enforcing their rights where a debtor's inability to satisfy its obligations is, or is claimed to be, the result of a Y2K problem that is not the debtor's fault. For example, on April 8, 1999, the Colorado Legislature passed the Year 2000 Citizens' Protection Act, S.B. 99-170 (Colo. 1999) (codified as Colo. Rev. Stat. §§ 13-21-701 to 705). This legislation provides to individuals:
an affirmative defense to any claim or action brought against the individual if the individual establishes that the individual's default, failure to pay, breach, omission, or other violation that is the basis of the claim against him or her was caused, in whole or in part, by a year 2000 failure associated with an electronic computing device, and, if it were not for the year 2000 failure, the individual would have been able to satisfy the obligations that are the basis of the claim.
Colo. Rev. Stat. § 13-21-704(1). If an individual establishes this affirmative defense, the creditor asserting the claim must wait 30 days from the date on which the court dismisses the action on the basis of the affirmative defense to reassert the claim, although the dismissal of the action will not affect the enforceability of the underlying debt. Id. §§ 13-21-704(2), (4). Additionally, if an individual establishes the affirmative defense, it may dispute information regarding the underlying debt with a credit reporting agency that, upon request, must include a short statement regarding the debtor's dispute. Id. § 13-21-704(5). This statute will apply only to causes of action accruing on or after January 1, 2000. Id. § 13-21-705.
As another example of enforcement moratorium statutes, a proposed Arizona statute would freeze all efforts to enforce financial obligations (e.g., a foreclosure action) against "a person who fails to accurately or timely process any information, data, payment or transfer if the failure" is due directly or indirectly to, or arises out of, a Y2K-related error. S.B. 1057, § A (Ariz. 1999). Similarly, the statute would prevent enforcement action against any person or entity that "fails to make timely payments or to complete other financial transactions if the failure" is due to the inability of either party to "make the necessary payments, fund transfers or checking or other financial transactions or to access the necessary data or information." Id. § B. Enforcement could not be resumed until the obligor's ability to make financial transactions "has been fully restored." Id. § D. These limitations on enforcement would apply to, among other things, mortgages, contracts, and consumer credit obligations. Furthermore, credit reporting agencies would be prohibited from entering negative credit information onto a credit report if the negative information is the result of certain Y2K-related problems. Id. § F.
A proposed New York statute, the Citizen's Year Two Thousand Computer and Information System Protection Act, would provide that:
Notwithstanding any other provision of law, no person shall, on matters directly or indirectly affecting a person's property mortgages, credit accounts, banking and/or financial transactions commence (1) a civil action for damages or declaratory/incentive relief; (2) a foreclosure; (3) a default proceeding or any other adverse enforcement action against any person because a computer or information system either failed to function or produced, calculated or generated an incorrect date.
S.B. 418, § 1 (N.Y. 1999); A.B. 7094, § 1 (N.Y. 1999). The proposed legislation does not define "fail to function" or "produce, calculate or generate an incorrect date." Similar statutes have also been proposed in the Washington and Hawaii legislatures. See S.B. 6035, § 3 (Wash. 1999); S.B. 1598 (Haw. 1999). Some of these statutes would also ensure that no other penalties are imposed upon debtors who miss payment obligations as a result of the Y2K problems of others. See, e.g., S.B. 6035, §§ 3-6 (Wash. 1999).
D. Litigation Procedure
Similar to the proposed federal legislation discussed above, see Part I, supra, many states are contemplating changes to procedures relevant to the litigation of Y2K-related claims. Among the changes proposed by particular states are measures:
E. Information Disclosure
State legislatures have also directed their attention at disclosures of information regarding Y2K issues, including:
F. Y2K Remediation Providers
As a final observable trend among proposed state legislation, several pieces of proposed state legislation provide for specific liability rules in actions against software consultants or those who engage in the business of remediating Y2K-related problems. See, e.g., S.B. 316, § 1 (Pa. 1999); S.B. 80, § 6 (Fla. 1999).
Because of the generality of this memorandum, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
1. Except where noted, the state legislation that has already been enacted as of early April, 1999, is related primarily to funding local government efforts to remediate Y2K problems, contingency planning by states, and providing for sovereign and other forms of immunity from suit for states, state governmental units, and state officers. These legislative efforts are beyond the scope of this Memorandum.
2. A companion bill, the Year 2000 Fairness and Responsibility Act, S. 461, 106th Cong. (1999) (the "Fairness Act"), was introduced in the Senate on February 24, 1999, by Senator Orrin G. Hatch of Utah, Senator Mitch McConnell of Kentucky, and Senator Dianne Feinstein of California. The Senate Fairness Act and the House Readiness Act are substantively similar, except where noted.
3. The Readiness Act defines a "material defect" as "a defect in any item, whether tangible or intangible, or in the provision of a service, that substantially prevents the item or service from operating or functioning as designed or intended. Defects that have an insignificant or de minimis effect on the operation or functioning of an item, or that affect only a component of an item that, as a whole, substantially operates or functions as designed, or that have an insignificant or de minimis effect on the efficacy of the service provided, are not material defects within the meaning of this definition." Readiness Act § 3(5). It is not clear under the draft bill whether non-class action claims based on allegedly defective products or systems that do not qualify as "material defects" are barred and/or subject to the prelitigation notification period, although in speaking to several industry proponents of the legislation, we understand this to be the intent.
4. As drafted, this provision may alter state law regarding the existence of a duty between two parties on which a tort claim could be based.
5. Virginia's governor signed this legislation on March 3, 1999. See 1999 Va. Acts ch. 859.
6. California's governor signed the California legislation on September 24, 1998, and Virginia's governor signed the Virginia legislation on April 9, 1999. These laws may have limited applicability in light of the Year 2000 Information and Readiness Disclosure Act (the "IRDA"), P.L. 105-271, 112 Stat. 2386, enacted in October, 1998.