Legal briefing | 22 Jan 2020 |

The Post Office litigation: lessons for IT suppliers and customers

The sorry tale of Bates v Post Office Ltd has a number of salutary lessons for IT suppliers and customers. In an age where businesses are placing ever greater reliance on computer systems to carry out business processes and to make decisions, and with AI technologies being put to ever greater use in analysis and decision making, it is worth taking a few moments to consider what can happen when the balance tips too far in favour of the technology.

WHAT HAPPENED IN THE POST OFFICE CASE?

The Horizon system was a very big, complex IT system, provided by the Post Office for use by sub-postmasters in recording and filing their accounts. It was supplied to the Post Office by Fujitsu, and developed piece-meal over time. The Post Office alleged that some sub-postmasters were fiddling their accounts in relation to their branches, because it could not reconcile local branch accounts with the accounts produced by the Horizon system, and took action against them. That action resulted in some sub-postmasters being declared bankrupt, some losing their homes and livelihoods, and in some cases, being sent to prison. The Post Office refused to acknowledge the sub-postmasters' protestations that it was not them, but bugs and glitches in the Horizon system, which had resulted in the discrepancies in their accounts.

But in December last year, after a series of judgments on preliminary issues in a group litigation claim brought by the sub-postmasters (led by Mr Alan Bates), the Post Office finally agreed a settlement of £57.75 million in favour of the claimants. In one of the preliminary judgments, the court found that bugs in Horizon could have caused the discrepancies which the Post Office had blamed on the sub-postmasters. The judge in the case was so concerned about the evidence from the Post Office's IT supplier, Fujitsu, that he has passed a file to the Director of Public Prosecutions. In particular, there was evidence to indicate that Fujitsu was aware of bugs in Horizon which could cause discrepancies far earlier than they at first stated, but nothing was done to highlight this in the context of the ongoing allegations against the sub-postmasters.

The case has two key take-away points for IT suppliers and customers:

IT suppliers

If you are an IT systems developer or supplier, and you know that there might be a problem with the system you have developed or supplied, then it will normally be preferable to make your customers aware of this at the earliest opportunity. This is particularly the case if you know that the customer is placing a particular reliance on the system, as the Post Office was in the Bates case to support its assertions that sub-postmasters were acting fraudulently.

A further problem in Bates was the lack of proper controls around remote access and data entry (leading to questions over the integrity of information inputted), and the failure to keep proper logs of reported bugs or the outcome of investigations to address or deal with these. The Post Office's position might have been more defensible had it been able to show, via its IT supplier, that problems had been adequately addressed and that there were adequate checks and balances in place.

Evidence of possible flaws in key IT systems needs to be properly investigated, not ignored.

IT customers

From the customer's point of view, the key lesson here is that although there may be a natural inclination to assume that computer systems are more reliable than human beings, that is not always the case. The possibility that a key IT system may be flawed will always be an unwelcome one. But where you are relying on that IT system to help you make decisions about the way you operate your business, the consequences of not facing up to that possibility may prove to be far worse. In this case, the Post Office was dismissive of the sub-postmasters' protestations about Horizon. It went on to make decisions which had a significant impact on their lives, often with serious adverse consequences for them – and now, given the recent settlement, and the damage done to its reputation – to the Post Office itself as well.

        What else can customers do to protect themselves?
    
Make sure your IT supplier is adhering to good industry practice in relation to issues such as data integrity and logging of bugs, and attempts to rectify them (see above); and

There may be situations where, rather than relying on assurances from your IT supplier, and despite the additional cost, it is preferable to have concerns about an IT system investigated by an independent third party, who is likely to provide a more objective assessment.

For discussion of the contractual aspects of the Bates case, see this briefing.

Read Vivien Halstead Profile