I think that there is room for me to do a little law school analysis on how the Computer Professionals Bill 2011 can affect tort/contract and vice-versa.
Some people think that if there are problems with the deployment of a computer system, you can already sue under existing law such as Contract Law. Unfortunately, it may not be so simple to sue someone for breach of contract as clearly illustrated in the Highlands Towers case.
As an illustration, imagine if someone was contracted to design and build a high-availability cluster managing the stock market. The system guy decided to only install one server instead of a dozen and that one server died from the overload. In this case, the breach of contract is clear as the contract was for the installation of a cluster, not a single server.
Unfortunately, Contract Law is quite clear about the remedies. If I remember correctly you cannot sue someone for an arbitrarily high value, and that value must be agreed upon the contract. It would not be fair to hire someone to build the system for RM1mil and then sue them for RM100bil.
You can sue for specific performance, and they can re-install a high-availability cluster. You can sue for liquidated damages, which would need to be agreed upon the signing of the contract and will not amount to anywhere near RM100bil as no company would open up themselves to a RM100bil suit for a RM1mil contract.
Furthermore, if that person installed a proper cluster and the stock market system still crashed due to overload, this is no longer an issue of a breach of contract – particularly if the contract was specific enough that the installer actually did everything as per contract. Good luck trying to sue them under Contract Law.
However, the stock market system still crashed and people lost a lot of money. Some may have lost their livelihoods and others, their lives. In order for justice to be served, someone must pay. The question is whom and how much.
This is where the law of Tort comes in. There is the whole concept of ‘duty of care’ due and the standards for ‘duty of care’ become much higher for professionals and experts. So, it might be arguable that there was a breach of duty if the installer built the system to spec even if the spec was sub-standard.
It could be then argued that any reasonable systems installer should be able to calculate a load and then advise their clients, Bursa, that the high-availability cluster would not be sufficient to cater to the expected and foreseeable load based on the transaction volume for the last few years. That data may not be publicly available but as the guys designing the system, they could have gotten it with reasonable diligence.
In this kind of scenario, it would be better to sue under a breach of duty or negligence as the facts of the matter are that the systems were not up to par to handle the expected load.
Now, even if the systems guys did a wonderful job and did everything humanly possible to build a high-availability cluster for the stock market system it still crashed. Sometimes, shit just happens. In this case, there may still be room for some other tort. Depending on the scenario, maybe strict liability can apply.
So, the CPB2011 would help in terms of liability. It now becomes clear that whomever who sells services to critical sectors must be a registered computing professional. This person would then be held liable in the event that shit happened. That is what it means to be a professional.
Having the CPB2011 elevates that position and raises the bar for ‘duty of care’ owed. That is why I am not against the CPB2011 on principle. However, the devil’s in the details and I’ve already looked at some of the other details in my earlier post.