A new law that will extend Daylight Savings Time by four weeks may adversely affect many common insurance industry business processes by confusing time-sensitive computer applications. The problem is similar in nature to the Y2K bug that threatened computer systems worldwide in 2000, but much smaller in scope and risk.
Insurance industry-specific risk is mostly within the customer service sector, where applications related to claims processing and call centers, many of which register timestamps for regulatory and customer satisfaction reasons, could report times off by one hour, says Julien Courbe, managing director with consulting firm BearingPoint. General business applications -- BlackBerry e-mail devices, calendars, corporate record keeping programs and employee management systems -- could similarly display or log incorrect time-sensitive data.
"A lot of people look at this and say 'an hour is not that big of a deal, we won't worry about it.' But that depends," adds Michael Overly, a partner at Foley & Lardner (Los Angeles), an IT and outsourcing law practice. "If you've got a policyholder holding at a hospital waiting to get authorization for a claim, that could be a very long time."
Pursuant to the Energy Policy Act of 2005, the Daylight Savings Time (DST) rule change will go into effect this March. Clocks will spring forward one hour on March 11, three weeks earlier than usual, and fall back one hour on November 4, a week later than in the past. Daylight Savings Time rules in the United States, Canada and Bermuda will be affected.
Because many computer systems and applications utilize internal clocks that automatically adjust for DST under the old rule, many time sensitive programs could be inaccurate by one hour in the three weeks following March 11 and the week preceding November 4.
Some applications will require patches from their individual vendors to adjust to the new rules, while other programs will require specific code changes. "In most cases, the specific activity of deploying the patch or changing the code is fairly straight forward," Courbe says. "The challenge comes from the magnitude of the effort and the scale of the effort. It takes some time to do the proper inventory and cataloguing of the applications. [It needs to be] comprehensive because you don't want to leave anything behind."
BearingPoint has been working with companies since January to prepare for the rule change, using a "top down and bottom up" approach. The consulting firm has worked with companies' central IT groups to catalogue and inventory IT system applications, while also working with individual business units to identify the systems they rely on. "You compare notes and identify where you have gaps and where the potential areas of focus are," Courbe says.
Foley & Lardner is advising its clients to include a specific provision in future acquisition agreements for hardware and software systems that would require a vendor to say that the product will accurately record the date and time of information.
"Obviously, this is nowhere near as serious as the Year 2000 problems, but it shows that there's this ongoing problem that we are likely to see [again] with regard to the performance of computers and dates and time," Overly says. "If something new does pop up -- six years from now or six months from now -- companies don't have to run and worry about talking to the vendor. It'll be addressed in their contract."
Courbe says that many BearingPoint clients, particularly larger companies, began preparing for the March 11 rules change in December and January. Overly says that many businesses, however, may be behind the ball in DST rule change preparation. "I think some very reasonable businesses, businesses that take this kind of thing very seriously, aren't on top of this because they haven't heard enough about it," Overly says.
If a company was to start preparing right now though, it'd have to prioritize patch deployment and code changes for only its most critical applications, according to Courbe.
"Are they out of luck at this point? No," Overly elaborates. "In a single day, they could probably talk to their five most critical vendors and get a better feeling for what they're doing on this issue. It's never too late to do something."