NYCLA supports the New York CLE Board’s proposed amendment to the CLE Rules requiring attorneys to complete a CLE credit in a new category – Cybersecurity, Privacy and Data Protection.


Cyber-attacks are on the rise, and ethical concerns about keeping client information confidential, safe and secure are of paramount importance. Additionally, with technology advancing rapidly, governments are responding with cybersecurity legislation and regulation.


Law firms, older and younger attorneys can no longer ignore cybersecurity knowledge and more than ever need to be prepared. This requirement will help them mitigate risk and shape a security strategy and an incident response plan for their practice.


Factors that make this requirement necessary:


  1. This amendment to the CLE rules will provide needed insight into the latest cybersecurity trends and policies for many who still do not take these issues seriously.
  2. Uninformed attorneys still use
  3. social media to post inappropriate material, which may run afoul of the Rules of Professional Conduct.
  4. Cybersecurity CLE programs will provide the knowledge needed to help lawyers gain practical experience operating, maintaining, and defending the information systems that drive their law practice.
  5. The Covid-19 pandemic continues to place issues concerning collecting and using personal data front and center. Coupled with the growing epidemic of cyberattacks in the current remote working environment, where cybercriminals see lawyers as easy targets, intense discussions over the need for privacy and cybersecurity regulation are paving the way for a concerted response by the federal US government.
  6. All three branches of the federal US government are actively taking steps to confront the privacy and cybersecurity questions of the day.
  7. The real action continues to be not in Washington, DC, but instead in the 50 US states. California’s far-reaching, comprehensive privacy bill called ‘California’s GDPR’ went into effect on 1 January 2020 and California voters approved an even more comprehensive law called the California Privacy Rights Act (CPRA). Numerous other states (such as Virginia and Colorado) have enacted or are considering important new privacy legislation.


In collaboration with the CLE Institute, the NYCLA Law and Technology Committee has been offering courses covering these topics for several years, as have the Ethics Institute and our annual National/Cyber Security Program, which NYCLA has been sponsoring for the past seven years. This new CLE requirement will be the needed impetus for reticent attorneys to take cybersecurity and client information security and confidentiality seriously.


The time is right for the proposed changes to the CLE requirements to make New York the first state to have a timely and important cybersecurity CLE requirement.


While we support the proposed Cybersecurity, Privacy and Data Protection category of CLE credit, we also suggest that the categories of CLE credit required for attorneys be reviewed and evaluated periodically to ensure that the ever-evolving educational needs of New York attorneys are continually being addressed.