House of Commons - Science and Technology

Select Committee on Science and Technology Second Report

CHAPTER THREE: ROLES AND RESPONSIBILITIES

CENTRAL GOVERNMENT DEPARTMENTS AND AGENCIES

20. The Government clearly has a responsibility to ensure that its own systems are millennium ready. In respect of central Government and its agencies, the Chancellor of the Duchy of Lancaster, the Rt Hon Dr David Clark, has been given overall responsibility to ensure that each department and agency is aware of the century date change problem and has in place realistic and costed plans for remedial action.[33] Responsibility for drawing up specific plans and ensuring that they are implemented rests with individual departments and agencies, and their Ministers. The Chancellor of the Duchy of Lancaster has no authority to compel central Government departments or agencies to take action but, as he told us, he does have the tools of publicity and persuasion at his disposal.[34]

21. The Chancellor of the Duchy of Lancaster is also responsible for ensuring that the Government's response to the problems raised by the century date change is coherent and co-ordinated and, through the Central Information Technology Unit (CITU), that adequate support and advice is made available to departments and agencies. The CITU, in turn, has commissioned the Central Computer and Telecommunications Agency (CCTA) to raise awareness, advise departments on best practice and tackle issues of common concern.[35]

22. The Chancellor of the Duchy of Lancaster has also undertaken to monitor progress within central Government and its agencies and to report his findings both to Parliament and to the public at regular intervals. He made his first report to Parliament on 27th November 1997 and at the same time departments' and agencies' plans were published on the Internet. These plans were up-dated on 3rd March 1998. Further information on central Government's progress on millennium readiness has been put in the public domain by publication of the National Audit Office's (NAO) report, Managing the Millennium Threat.[36] (We understand that a further NAO report will be produced shortly.)

23. Despite these activities some witnesses called for greater openness on the part of Government, arguing that this would serve several useful functions, chiefly:

to reassure the public that Government systems would not fail at the millennium and that provision of Government services would continue uninterrupted;

to expose the plans to the scrutiny of independent experts who may be able to spot weaknesses and offer advice; and

to serve to demonstrate to other organisations the seriousness with which the Government is tackling the issue and thus encourage them to take concerted action themselves.

It is, however, questionable whether any one reporting mechanism could achieve all these objectives.

24. We welcome the openness with which the Chancellor of the Duchy of Lancaster has made information on the Government's plans available but we agree that there would be merit in going further. We are not convinced that the information currently provided in the departmental and agency plans is of sufficient quality or detail to enable rigorous or effective scrutiny nor are we convinced that such scrutiny will be conducted unless a specific body is charged to do so. It may be that this function will fall to the newly created 'central team' of experts from Whitehall and the business community, as announced by the Prime Minister on 30th March 1998. We recommend that central Government departments' and agencies' plans and progress be presented in a common format which allows for inevitable variations in the ways in which they are managing their Year 2000 programmes; and, to simplify the process of monitoring progress, a checklist should be developed, setting staged objectives and target dates, against which such reports could be judged.

25. There is a risk that publication restricted to the Internet, which by definition primarily reaches only those with IT facilities and skills, could serve to reinforce the false perception that the century date change is solely an issue for the IT industry and those with expertise in IT. Departmental and agency plans would be more widely available if they were published in a traditional format. We recommend that the Chancellor of the Duchy of Lancaster publish departmental and agency plans and progress reports in conventional format as well as on the Internet.

26. We were also concerned to note that the Chancellor of the Duchy of Lancaster's most recent report to the House of the Commons on the state of readiness of departments and agencies was made in the form of a response to a written question. While this is undoubtably an effective method of keeping the House informed we are not convinced that it is the most appropriate method of ensuring that the information reaches a wider audience or of indicating the importance that the Government places upon the issue of millennium readiness. Statements made in the House in person attract a higher profile and therefore we recommend that the Chancellor of the Duchy of Lancaster reports to the House, at the time of his quarterly reports on the state of readiness in departments and agencies, through an oral, rather than written, statement.

Other Public Bodies

27. Responsibilities for Year 2000 readiness in local authorities and other public bodies, such as health authorities and NHS trusts, fit into a model similar to that which we have already spelt out for central Government (see para 20). Local authorities in England, for example, are responsible for tackling all Year 2000 issues within their own organisations but, as central Government responsibility for local government rests with the Department of the Environment, Transport and the Regions, the Deputy Prime Minister has overall responsibility for ensuring that action is taken. Similarly, although board members in NHS trusts have day to day responsibility for century date change issues, it is for the NHS Executive and, ultimately, the Secretary of State for Health to ensure that each trust is taking effective action.[37] However, unlike the case of central Government, no open or centralised reporting mechanism has been introduced for other public bodies. We believe that this is a weakness. Openness in respect of millennium readiness would deliver the same benefits of public scrutiny and public reassurance to the wider public sector as to central Government. Therefore we recommend the same level of reporting on Year 2000 plans and progress for local authorities and other public bodies as we are suggesting for central Government departments and its agencies, for the same reasons. This should be organised centrally, through the relevant central Government department, with plans published and regular reports to Parliament. We further recommend that the Audit Commission and the Accounts Commission continue to monitor the millennium readiness projects of those parts of the public sector over which they have jurisdiction just as the NAO does in respect of central Government.

Private Sector

28. Responsibility for addressing the century date change issue in the private sector is more clear cut. As several of our witnesses confirmed, millennium readiness is, in many cases, a matter of business survival. Therefore millennium readiness is a matter for chief executives, owners, and directors who have a statutory duty to exercise due care over the operation of their business. Each business or organisation needs to take strategic decisions, based on its own circumstances, resources and objectives, over whether to fix systems affected by the century date change, replace them with compliant systems, or cease performing the operations which are dependent on those systems. Nevertheless, the Government, as it has accepted, does have a role to play, both as a motivator and as a facilitator, flowing in part from its responsibility to provide stable conditions for economic growth and in part from its responsibility to protect citizens from disruption.

TASKFORCE 2000

29. The Government's first response to its duty to stimulate action in the private sector was to collaborate in the creation of Taskforce 2000, a not-for-profit organisation established in August 1996 to raise awareness of the Year 2000 problem with senior decision-makers in industry and commerce.[38] It was funded partly by private companies but the majority of resources came from the Department of Trade and Industry (DTI) which provided £350,000 and, from January 1997, a secondee.[39] Taskforce 2000 also includes representatives from the Confederation of British Industry (CBI), the Computing Services and Software Association, the Federation of the Electronics Industry and the National Computing Centre.

30. Most witnesses felt that Taskforce 2000 had done much to increase levels of awareness of the century date change problem in UK businesses.[40] Nevertheless, by the summer of 1997 there were concerns that more needed to be done to turn awareness into action.[41] Indeed, Taskforce 2000 itself subscribed to such views, telling us last November that awareness levels in the UK "are very high ... but we have not really been very successful when it comes down to really [making companies] understand" the need for action.[42] In response to such concerns the DTI launched Action 2000 and announced that DTI funding for Taskforce 2000 would cease on 31st March 1998 "or when the £350,000 to which we are committed has been spent, whichever is the sooner".[43]

ACTION 2000

31. The creation of Action 2000 was announced at the end of September 1997. Its purpose is "to focus on the action that businesses need to take to fix their systems, rather than simply raising awareness".[44] It is charged with co-ordinating work on Year 2000 issues across the private sector, providing easy access to best practice for businesses, identifying ways to address shortages of people with relevant skills and monitoring progress. The DTI initially announced that £1 million would be made available to finance Action 2000 activities in the first year although successive increases have been announced, raising this sum to £17 million.[45]

Regulatory Bodies

32. There are also various public sector regulatory bodies which have generic responsibilities to ensure that the organisations they regulate operate within certain parameters. One of the most critical responsibilities of all regulatory bodies falls to the Health and Safety Executive which has a statutory duty to ensure that 'duty-holders'-usually employers-in factories, mines, farms, railways, chemical plants and offshore and nuclear installations, comply with the provisions of health and safety legislation. Where, therefore, failures in systems resulting from an inability to manage the century date might pose a risk either to the workforce or the public, the HSE has a role in ensuring that appropriate precautions are taken by those controlling such sites. Local authority enforcement officers have similar responsibilities in respect of a wide range of premises including shops, warehouses, most offices, hotels and leisure centres.

33. The HSE told us that it was "fully seized of the safety-critical implications of computer software failure".[46] Its approach to enforcement consists of four elements:

conducting research to gain a better understanding of the nature and scope of the problem;

raising awareness among duty-holders;

co-operating with other agencies such as the DTI and Action 2000; and

formal enforcement through the use of improvement and prohibition notices and, if necessary, through prosecution.[47]

34. This is a commendable approach to take. We were reassured by what the HSE told us regarding high risk sites. For instance, in respect of nuclear installations, the HSE said that "none of the safety-critical systems related to the nuclear reactor itself are time/date dependent. We are satisfied on that point. Neither is there any linkage with other systems where there is such a dependency".[48] Nevertheless, failures in other systems at such sites could still cause problems which might, in turn "impair the command structure's ability to cope with running the plant as a whole".[49] Consequently, operators of such sites are required to demonstrate to the HSE that they are addressing century date change problems in all systems, not just safety-critical ones. The HSE also told us that they would be visiting each high risk site at least once, and probably more often, before the millennium. We congratulate the HSE for the robust approach it has taken in respect of high risk sites.

35. We are, however, concerned that there seems to be a distinct lack of urgency on the part of the HSE with respect to the lower risk sites within their remit. They told us that "this coming year we ... are in the awareness raising phase, getting information out to people. We will learn more about the size of the problem and we will learn more about the specifics of the problem. There may be some sectors ... where we need to do more".[50] We would have hoped that, with less than 90 weeks left before the millennium and the strong possibility of failures in systems before then, the HSE had raised awareness in all lower risk sites. We recommend that the HSE ensure that all such sites are made aware immediately of the problems which the century date change might cause and their responsibilities to make their systems compliant.

36. Other regulatory authorities, such as the Bank of England, the Civil Aviation Authority or the Office of Electricity Regulation, also have a duty to ensure that the organisations they regulate continue to operate in particular ways, often with regard to continuity of provision of service or the provision of services in a timely and safe manner. Where such operations could be affected by century date change related failures, regulators need to ensure that effective remedial action is being taken. Regulatory authorities have a crucial role to play in galvanising into action those sectors for which they have responsibility but it has not been possible, nor would it be appropriate, for us to scrutinise the Year 2000 related activities of each one. We recommend that the Government ensure that each regulatory body is fully seized of the implications of the Year 2000 problem for the sectors they regulate and is promoting effective and timely remedial action on the part of individual organisations. We further recommend that each Government department produce regular reports to Parliament on the Year 2000 related activities of the regulatory bodies they sponsor.

Motivators in the Private Sector

37. There are numerous others, many in the private sector, that also have a role in encouraging organisations and individuals to make adequate preparations for the century date change. Many, as some of our witnesses demonstrated, are stimulating remedial action as a result of enlightened self-interest, realising that they are critically dependent on other organisations-their suppliers and customers for instance-also being ready.[51] Some banks, recognising that there are "significant implications ... if business customers are seriously disrupted or even go out of business because of Year 2000 problems", have sought to raise awareness and offer advice to business customers.[52] Similarly, some insurance companies are raising awareness among their policy-holders, perhaps seeking to reduce the possibility or value of claims against Year 2000 related failures.[53]

38. Others have more immediate reasons for concerning themselves with the precautions taken by organisations to address Year 2000 issues. Auditors have an obligation to "make appropriate enquiries to obtain a sufficient understanding of any material impact on the financial statements subject to their audit"[54] and have been issued with guidance from the Institute of Chartered Accountants of England and Wales. This suggests the enquiries that it is appropriate for them to make in relation to millennium readiness and the circumstances under which it would be appropriate to qualify the accounts of companies not making sufficient progress.

Legal Requirements for Millennium Readiness

39. There is no specific legislation which requires organisations or individuals to ensure that their systems are millennium ready. Nevertheless, organisations in some sectors may find their ability to operate in accordance with legislation compromised by Year 2000 problems. For example local authorities have a statutory obligation to ensure the provision of certain services; organisations with systems which process personal data are required to conform with the provisions of data protection legislation;[55] and those organisations subject to health and safety legislation could find themselves subject to prosecution if systems' failures compromise their ability to comply. Indeed, we were told that "there is already a formidable range of legal sanctions-from company law to health and safety to investor protection and beyond-which may eventually be invoked against companies which fail to sort out their Year 2000 problems".[56] Redress could be sought in a number of circumstances, for instance, by those attempting to recover the costs of replacing deficient equipment or where systems failure causes interruption of business, damage to property or personal injury. Many organisations or individuals may seek redress under the Supply and Sale of Goods Act 1994 which brought in the implied term that goods must be of 'satisfactory quality' and which covers, as Allen and Overy told us, goods containing software or embedded chips.[57]

40. Nevertheless, many of our witnesses agreed with Barclays Bank who told us "relying on legal remedies to address the problem is illusory".[58] Shell UK told us that "the consequences of non-compliance are usually much greater than the cost of remedy" and the BBA that "litigation is not a solution. Businesses cannot afford to wait ... to deal with the problem".[59] For many businesses recourse to legal action after the event would be too late to be of benefit, especially if they are unable to continue to trade for any significant length of time. Moreover, as Allen and Overy pointed out, "the fact that a legal remedy is available does not mean a consumer will always be able to enforce that remedy. In particular, where a supplier of defective goods is forced into insolvency ... because of a multiplicity of claims, individual consumers are unlikely to recover from that supplier".[60] Those in England, Wales and Northern Ireland seeking redress under the sale of goods legislation must do so within the statutory period of six years from the date of purchase which means that equipment or software failures at the millennium will only be actionable if the goods were supplied after 1993.[61] (Consumers in Scotland have a period of up to five years after damage to a product occurs, in which to make a claim.) Moreover, organisations would be unwise to rely on insurance policies to cover legal costs or damages as many insurance companies are considering introducing Year 2000 exclusion clauses.[62] For these reasons we conclude that organisations should not consider legal action as a primary remedy to Year 2000 problems but as a last resort and should not plan to enter litigation in preference to taking preventative action now. We strongly believe that this is a message which Action 2000 should promulgate widely and loudly.

41. While we firmly believe that organisations would be foolish to rely on legal redress or compensation to mitigate the consequences of non-compliance, it is likely that many dissatisfied with goods or services that have failed to function properly will seek legal redress. Indeed, Masons Solicitors told us that they expect a substantial number of legal actions to arise as a result of the century date change.[63] Taskforce 2000 stated that there was hardly a firm of solicitors in the City of London that did not have a partner specialising in millennium issues.[64] The risk of legal action on the part of those affected by century date related failures reinforces the need for all organisations to undertake thorough Year 2000 preparations to ensure that their systems, products and services are millennium ready. It should also be seen as a reason to keep thorough and accurate records of all remedial measures in case called upon by the courts to demonstrate that all reasonable steps to avoid system failures were taken.

Leadership

42. Despite all the different factors that may stimulate organisations to address Year 2000 issues, and all the people and organisations who are playing a role in encouraging them to do so, several witnesses regretted that there was no overall source providing information, co-ordination and direction for the UK as a whole on Year 2000 issues. Coopers and Lybrand told us that "one of the major problems ... is the lack of co-ordination between all the different groups working to try to resolve the problem"[65] and the UK Year 2000 Interest Group that "strong leadership is required".[66] The Government is the only organisation that can provide such co-ordination and leadership across all sectors and indeed a number of different Committees and groups have been formed to tackle issues which affect both the public and private sectors. Moreover, since starting our inquiry, the Prime Minister has taken a lead in raising the profile of the century date change problem. We welcome this. The leading role adopted by the Prime Minister needs to be supported by a coherent, well-structured programme. We look to Action 2000, the Cabinet sub-committee (MISC 4) and the newly created central team in the Cabinet Office to provide this.

33 Q. 396. Back

34 Q. 404. Back

35 National Audit Office, Session 1997-98, Managing the Millennium Threat, May 1997, HC 3, para 2.3. Back

36 Ibid. Back

37 Q. 373. Back

38 Ev.p. 1. Back

39 Ev.p. 34. Back

40 eg. Q. 116. Back

41 Ev.p. 34. See also Q. 116. Back

42 Q. 8. Back