Committee Reports

Support of Proposal to Amend the Mandatory Continuing Legal Education (CLE) Rules to Include a New Category of Credit- Cybersecurity, Privacy and Data Protection

Date

February 16, 2022

SUMMARY

The Small Law Firm Committee submitted comment in support of the proposal to amend the mandatory legal education rules so as to require newly admitted and experienced attorneys to complete one CLE credit in the new category of Cybersecurity, Privacy and Data Protection. Citing an expansion of technology fundamental to legal practice, and an attendant expansion of cyber threats, the comment letter argues that the “reasonable efforts” provision of Rule 1.6(c) of the Rules of Professional Conduct has become a rapidly-evolving standard based on current technologies. The comment suggests that CLEs developed to fulfill the new requirement focus on cost-effective best practices, rather than simple awareness of vulnerabilities. The committee says in its comment that “a timely course that alerts attorneys to the current forms of cyber threats as well as practical and efficient ways to guard against them would be a valuable resource for all attorneys and would be most welcomed by small law firm practitioners.”

REPORT

REPORT BY THE SMALL LAW FIRM COMMITTEE

IN SUPPORT OF PROPOSAL TO AMEND THE MANDATORY CONTINUING LEGAL EDUCATION (CLE) RULES TO INCLUDE A NEW CATEGORY OF CREDIT-
CYBERSECURITY, PRIVACY AND DATA PROTECTION

The New York City Bar Association, through its Small Law Firm Committee (the “Committee”) submits this comment in support of the proposal of the Office of Court Administration to amend the mandatory legal education rules so as to require newly admitted and experienced attorneys to complete one CLE credit in the new category of Cybersecurity, Privacy and Data Protection.

Constantly changing and expanding technology provides attorneys with increasing opportunities to handle complex matters and to work remotely. Client information that used to reside in a file room is now stored in individual computers, servers and on the cloud. Stored information is accessible through laptops, tablets, and mobile devices at virtually any location.

This explosion of technology has also given rise to ever-increasing and sophisticated threats to the security of stored client information and the operation of the law firms that are charged with safeguarding this data.

Rule 1.6(c) of the Rules of Professional Conduct requires a lawyer to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure” of confidential client information. What constitutes “reasonable efforts” in a rapidly changing technology and cyber piracy environment is an ever-evolving standard.

Requiring a one hour CLE credit every two years will provide an effective means for attorneys to learn what the latest “reasonable efforts” are based upon current technology.

The Small Law Firm Committee urges that the CLE courses developed to fulfill this requirement be focused on the current best practices that all attorneys can utilize in a cost effective fashion regardless of the size of their law office. It would be counterproductive for the CLE time to be spent primarily on warning attorneys of their need to develop cybersecurity safeguards or explaining the complex processes involved in cyber-breaches without providing specific, concrete, understandable steps that any attorney can employ to protect their own devices and information as well their clients’ data. Solutions offered in cyber security CLE courses should include options that are accessible and reasonably priced so as to be available to all lawyers, including lawyers who are in solo practices or small law firms.

A timely course that alerts attorneys to the current forms of cyber threats as well as practical and efficient ways to guard against them would be a valuable resource for all attorneys and would be most welcomed by small law firm practitioners. Because cyber security has become such an important aspect of legal practice, we also support making a one hour course on this topic part of the mandatory requirements for CLE credit without increasing the overall hourly requirement for CLE credit.

Thank you for your consideration.

Small Law Firm Committee
Anne R. Wolfson, Chair

Submitted February 15, 2022: rulecomments@nycourts.gov

Support of Proposal to Amend the Mandatory Continuing Legal Education (CLE) Rules to Include a New Category of Credit- Cybersecurity, Privacy and Data Protection

SUMMARY

REPORT

Related events

Related media

Related reports

Legal Issues for Private Museums

Regulating Data Privacy in a World of Emerging Digital Health Technologies

Navigating Intellectual Property Law Careers

NY Court System Launches Panel To Study AI Risks, Rewards (Law360)

The AI Revolution Comes to the Courtroom

NY Court System Launches AI Task Force to Study Its Potential to Help Deliver Justice (New York Law Journal)

Letter Urging the Inclusion of a Right to Counsel for all Tenants Facing Eviction in 2024-25 New York State Budget

Report in support of legislation to reform and modernize the administration of class actions in New York’s courts

Artificial Intelligence and Machine Learning in Financial Services