What would you do if you were asked to install monitoring software on your network? Gary Allen Gardner of Rosi & Gardner, P.C. in Traverse City, Michigan, shares how he resolved a recent troubling request his firm received.
We were contacted by our credit card processing company, regarding “PCI Compliance” (Payment Card Industry). By email and subsequent list of questions, they wanted to install a piece of scanning and monitoring software on our network, to “ensure compliance” with all credit/debit card anti-fraud measures.
I refused. I think that it would breach a lawyer’s ethical duty to safeguard confidential client information to allow such scanning and monitoring. In our case, it would probably also violate the terms of other certifications that we have made to information service providers (LexisNexis and Thomson West/Reuters) regarding the protection of stored Social Security Numbers and related regulated information. In our case, it would probably also violate our certification to an institution we do collection work for, who provides us with SSNs and related information, and we annually certify that we have taken measures to ensure the protection of that information.
Our solution? I spoke with our IT Consultant, and we are establishing a second, separate network (separate IP scheme, isolated from our internal network) solely for the credit card processing machine. Then, we will be compliant, with no risk of breaching client confidentiality or information protection agreements.
According to our IT consultant some of the firewalls that lawyers are presently using have the capability to run a second network, or VLAN. If not, the device replacement costs about $600 and a couple of hours of IT time to configure it. Inexpensive insurance and solution.
Law Office Manager wants to send you $100.
Tell us how you solved a problem or implemented a successful program, or share any idea we can use in our Reader Tips column. If we publish it, we’ll send you $100. Send your submission to catherine@plainlanguagemedia.com.