Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

New York Bar Association Recommends Cybersecurity CLE Requirement

June 29, 2020

The New York State Bar Association (NYSBA) announced on June 13th that it had approved a report from the NYSBA Committee on Technology and the Legal Profession that recommends amending the mandatory continuing legal education rule to require one credit in cybersecurity.

The credit would be included within the "Ethics and Professionalism" category and would not add to the minimum 24-hour biennial rule for experienced attorneys or the 32-hour biennial requirement for new attorneys. This amendment would be effective for four years and then reviewed.

"Protecting our client information and complying with the Rules of Professional Conduct is paramount for New York attorneys," said State Bar President Scott M. Karson. "If adopted by the Continuing Legal Education Board, New York State would become the first state to implement a cybersecurity requirement for lawyers. I commend the Committee for a terrific and timely report."

Committee co-chair Mark A. Berman said that voluntary cybersecurity courses do not work. He saw lower attendance in 2018 and 2019 at CLE programs on cybersecurity "as lawyers sent money into cyberspace, paid ransom to unlock their computers and leaked proprietary confidential information in breach of our ethical responsibilities."

Most lawyers are working from home and more likely to use a mobile device. Berman said, "With a mobile phone, you don't necessarily have the infrastructure of law firms or the protection of a firm's network. You might also use home Wifi which may or not be secure."

While Florida and North Carolina added technology education to their CLE requirements, the N.Y. committee argued cybersecurity protection is an important issue for lawyers and should be emphasized through a one-credit requirement.

On July 26, 2019, New York's governor signed the "Stop Hacks and Improve Electronic Data Security" (SHIELD) Act, requiring businesses to implement safeguards for the "private information" of New York residents and broadening New York's security breach notification requirements. The SHIELD Act applies to lawyers and law firms of all sizes. The security requirements took effect on March 21, 2020. The Attorney General can sue for data breaches or failure to comply with cybersecurity requirements.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson