New York Bar Association Approved Cybersecurity CLE Requirement Recommendation: Cybersecurity Trends

Sure, we’ve seen a couple of states that have added a technology component to their Continuing Legal Education (CLE) requirements.  Do you know which two?  Regardless, now one state may be going a step beyond – adding a cybersecurity component to their CLE requirements.

According to Sharon Nelson’s terrific blog Ride the Lightning (New York Bar Association Recommends Cybersecurity CLE Requirement), the New York State Bar Association (NYSBA) announced on June 13th that it had approved a report from the NYSBA Committee on Technology and the Legal Profession that recommends amending the mandatory continuing legal education rule to require one credit in cybersecurity.

The credit would be included within the “Ethics and Professionalism” category and would not add to the minimum 24-hour biennial rule for experienced attorneys or the 32-hour biennial requirement for new attorneys. This amendment would be effective for four years and then reviewed.


“Protecting our client information and complying with the Rules of Professional Conduct is paramount for New York attorneys,” said State Bar President Scott M. Karson. “If adopted by the Continuing Legal Education Board, New York State would become the first state to implement a cybersecurity requirement for lawyers. I commend the Committee for a terrific and timely report.”

Committee co-chair Mark A. Berman said that voluntary cybersecurity courses do not work. He saw lower attendance in 2018 and 2019 at CLE programs on cybersecurity “as lawyers sent money into cyberspace, paid ransom to unlock their computers and leaked proprietary confidential information in breach of our ethical responsibilities.”

Most lawyers are working from home and more likely to use a mobile device. Berman said, “With a mobile phone, you don’t necessarily have the infrastructure of law firms or the protection of a firm’s network. You might also use home Wifi which may or not be secure.”

Bring Your Home Devices (BYODs) are a topic I’ll be focusing on this week and next on the Ipro blog.  Even before many of us moved to work at home status during the pandemic, adoption of best practices by more lawyers regarding cybersecurity has long been needed in the industry.  Let’s hope that NY completes its process to require cybersecurity CLE “in a New York minute” and that many states follow its lead.


BTW, if you don’t know which two states currently require technology training as part of its CLE requirements (or even if you do), check out Sharon’s blog post here!

Also, just a reminder that on Wednesday, July 15, ACEDS will conduct the webinar Seeing 20/20: Reasonable and Proportional Discovery in 2020 at 1pm ET (noon CT, 10am PT).  Come join Mandi Ross of Prism Litigation Technology, Martin Tully of Actuate Law and me where we’ll discuss challenges with “right-sizing” discovery proportionally and defensibly, what can be leveraged from the rules and relevant case law regarding proportionality, and what best practices can be deployed for quick evaluation of potentially relevant custodians and data sources.  Don’t miss it!

So, what do you think?  Do you think bar associations should require mandatory cybersecurity training for all attorneys?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

One comment

Leave a Reply