New CLE Requirement: Cybersecurity, Privacy and Data Protection

Effective July 1, 2023, all New York attorneys will have to complete 1 CLE credit hour in the new Cybersecurity, Privacy and Data Protection category of credit as part of their CLE requirement. The required one hour of cybersecurity, data privacy and data protection training may be completed by taking one hour in either Cybersecurity, Privacy and Data Protection – Ethics or Cybersecurity, Privacy and Data Protection – General, or a combination of half a credit in each.

Cybersecurity, Privacy and Data Protection – Ethics counts toward the ethics and professionalism CLE requirements and must relate to a lawyers ethical obligations and professional responsibilities regarding the protection of electronic data and communication and may include, among other things: sources of lawyers’ ethical obligations and professional responsibilities and their application to electronic data and communication; protection of confidential, privileged and proprietary client and law office data and communication; client counseling and consent regarding electronic data, communication and storage protection policies, protocols, risks and privacy implications; security issues related to the protection of escrow funds; inadvertent or unauthorized electronic disclosure of confidential information, including through social media, data breaches and cyber attacks; and supervision of employees, vendors and third parties as it relates to electronic data and communication.

Cybersecurity, Privacy and Data Protection – General counts toward the general CLE requirements and must relate to the practice of law and may include, among other things, technological aspects of protecting client and law office electronic data and communication (including sending, receiving and storing electronic information; cybersecurity features of technology used; network, hardware, software and mobile device security; preventing, mitigating, and responding to cybersecurity threats, cyber attacks and data breaches); vetting and assessing vendors and other third parties relating to policies, protocols and practices on protecting electronic data and communication; applicable laws relating to cybersecurity (including data breach laws) and data privacy; and law office cybersecurity, privacy and data protection policies and protocols.

Though the requirement takes effect July 1, 2023 attorneys can begin earning CLE credit in this new category beginning on January 1, 2023. The City Bar will be offering a number of opportunities to earn the new credit in the new year including the upcoming January 31, 2023 CLE on Cybersecurity, Privacy and Data Protection and the 16-Hour Bridge-the-Gap program on January 20 and 27.

For a full description of both types of Cybersecurity, Privacy and Data Protection credits, click here.

The total number of CLE credits that you must complete in your reporting cycle does not increase. If you are due to register in 2023 but your birthday is before July 1, 2023 you do not have to comply with the new requirement in 2023, but must comply in future biennial periods.  If you are due to re-register on or after July 1, 2023 (birthday is on or after July 1st), you must complete 1 CLE credit hour in Cybersecurity, Privacy and Data Protection as part of your biennial CLE requirement.

For more information on City Bar CLE and On-Demand programming offering the new Cybersecurity credit, please check our website. For more general information on the new requirement please check the New York Court’s CLE page or check out the Cybersecurity Credit FAQs.