Starting July 1, 2023, New York will become the first state to instruct attorneys to complete at least one cybersecurity education credit as part of their continuing legal education (CLE) requirements.
Judicial departments formally adopted this recommendation and signed the CLE requirement into effect last June. The education credits will cover cybersecurity, privacy and data protection training to instruct lawyers and mitigate cybersecurity risks in their career.
[Related: Biggest Cybersecurity Threats for NYC Businesses]
Benefits of Cybersecurity for CLE
New York legal professionals will be some of the first in the country to obtain industry-focused cybersecurity training as part of their CLE. This information will not only empower them but also protect their clients’ data.
While New York may be the first state to require specific cybersecurity training as part of lawyers’ CLE, it is just one of 40 state jurisdictions that specifically mandates “technology competence” for legal professionals as an ethics obligation. However, according to the American Bar Association Model Rule 1.6(c), all states require some sort of data security training and general safekeeping measures to secure confidential client information.
In this blog, we’ll examine the requirements of continuing education in cybersecurity for lawyers.
Requirements for CLE
The new requirement calls for at least one hour of CLE related to cybersecurity, privacy and data protection every two years.
These mandatory credits count toward the initial 32-hour CLE requirement for new lawyers in their first couple of years after bar admission. For all other lawyers, they count toward the 24-hour biennial general CLE requirement.
Lawyers can choose to study an hour of cybersecurity training related to either ethical obligations or general cybersecurity, data privacy and data protection issues. If they choose ethics-related credits, they can count as credits for their ethics and professionalism CLE requirements. The general cybersecurity credits can count toward their general CLE requirements.
Below, we’ve listed overviews of each CLE cybersecurity credit type.
[Related: NY SHIELD Act: What It Is and How To Make Sure Your Business Complies]
Ethics-Related Cybersecurity Credits
Ethics-related credits cover training associated with ethical obligations and professional responsibilities regarding data protection. This type of training includes overviews of crucial matters:
- Attorneys’ ethical obligations and their application to electronic data transfer
- Protection of personal, proprietary, confidential and privileged data in the office and in client communications
- Client counseling and consent regarding data transfer and storage policies and privacy protocols
- Escrow fund protection
- Confidentiality issues regarding unauthorized data use or loss via social media, cyberattack, device damage/loss and other incidents
- Employee and vendor guidelines as they relate to handling electronic data
General Cybersecurity Credits
General cybersecurity credits must relate to the practice of law. These credits may include overviews of the following issues:
- Hardware/software and mobile device security
- Transfer and storage of electronic information
- Cybersecurity threat, cyberattack and data breach mitigation and response
- Review and oversight of third-party vendors and others handling confidential data
- Applicable laws and compliance guidelines regarding cybersecurity and data privacy
[Related: Strengthen Your Online Security]
Partner With CMIT Solutions Today
If you’re practicing law in New York City and are serious about cybersecurity and data protection, you’ve come to the right place. Partner with a managed IT provider like CMIT Solutions to feel confident in your firm’s security and client information protection.
Our decades of experience helping an array of industries keep their technology running and secure 24/7 will put your mind at ease.
Let’s get started. Learn more about our managed IT services, or contact us today for a consultation.
Featured image via PxHere