Sign of the Times: New York To Require Cybersecurity CLE Credits
When was the last time you attended a CLE course focused on cybersecurity issues? If you’re anything like most lawyers, chances are you’ve never taken one. But if you’re a New York lawyer, that will soon change.
For many members of the legal profession, technology adoption tends to be an afterthought, trumped by the noble cause of client representation. After all, you didn’t go to law school to learn about mobile apps and cloud computing software; your goal was to learn how to practice law.
Unfortunately, the tides of change have other plans. Over the past decade, technology has advanced at unprecedented rates. The internet has become our source of truth, and cloud computing is now the default computing system used by people - and lawyers - worldwide. Mobile devices are prolific in the legal profession, and smartphones are commonplace.
Even before COVID-19, technology was unavoidable. But after the onset of the pandemic, legal technology adoption accelerated at rates never before seen as lawyers sought to keep their firms afloat despite the social distancing requirements and unpredictability of the pandemic.
A side effect of the rapid uptick in technology use by lawyers was the significant increase in cyberattacks, including email phishing, email spoofing, malware, social engineering attacks, and brute force hacking. This was bad news for the law firms that were struggling with technology adoption and implementation and many were wholly unprepared for the frequency and variability of the attacks.
As we try to find a new normal on what may be the other side of the pandemic, cybersecurity concerns are paramount for many law firms, which is why New York’s recently enacted cybersecurity CLE requirement is so timely.
Last month, on June 10th, the Departments of the New York State Supreme Court, Appellate Division issued a Joint Order that requires that all New York attorneys complete one hour of cybersecurity continuing legal education as part of their biannual registration requirement. The Order takes effect on January 1, 2023.
The new CLE requirement encompasses two types of cybersecurity courses. Lawyers will have the option of taking a cybersecurity CLE focused on either ethics or law practice.
The ethics option covers cybersecurity, privacy, and data protection, and ethics, and “must relate to lawyers’ ethical obligations and professional responsibilities regarding the protection of electronic data and communication.”
In comparison, the training related to practicing law encompasses the “technological aspects of protecting client and law office electronic data and communication,…vetting and assessing vendors and other third parties relating to policies, protocols and practices on protecting electronic data and communication; applicable laws relating to cybersecurity (including data breach laws) and data privacy; and law office cybersecurity, privacy and data protection policies and protocols.”
So pick your poison, New York lawyers. Come January, a cybersecurity CLE is in your future. It’s simply a matter of choosing the cybersecurity category that provides the foundational knowledge that you need to maintain your already-existing ethical obligation of technology competence. No matter how you look at it, it’s a win-win situation all around.
Nicole Black is a Rochester, New York attorney, author, journalist, and the head of SME and External Education at MyCase law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].