New York State First to Require Cybersecurity CLE Courses

New York is the first state to require attorneys to take continuing legal education (CLE) courses in cybersecurity, privacy, and data protection. The recommendation, which came from the New York State Bar Association’s Committee on Technology and the Legal Profession, resulted from the findings in its 2022 report on the importance of cybersecurity protection of confidential and proprietary client and law firm electronic information. It was adopted on June 10, 2022, in a joint order issued by the judicial departments of the Appellate Division of the New York State Supreme Court.

The requirement will take effect on July 1, 2023. All attorneys must complete one hour of training every two years in the ethical obligations surrounding cybersecurity, privacy, and data protection, or in the technological and practice-related aspects of protecting data and client communications. Only two other states require technology training as part of a lawyer’s continuing education requirement, Florida and North Carolina. Those states’ CLE requirements allow training in a range of technology topics, including cybersecurity, while New York is the first state to focus its requirement solely on cybersecurity. The Committee agreed that rather than a general requirement, a specific requirement would allow attorneys to focus on cybersecurity, privacy, and data protection as some of the most pressing and urgent issues facing the legal profession.