Support of Proposal to Amend the Mandatory Continuing Legal Education (CLE) Rules to Include a New Category of Credit- Cybersecurity, Privacy and Data Protection
The Small Law Firm Committee submitted comment in support of the proposal to amend the mandatory legal education rules so as to require newly admitted and experienced attorneys to complete one CLE credit in the new category of Cybersecurity, Privacy and Data Protection. Citing an expansion of technology fundamental to legal practice, and an attendant expansion of cyber threats, the comment letter argues that the “reasonable efforts” provision of Rule 1.6(c) of the Rules of Professional Conduct has become a rapidly-evolving standard based on current technologies. The comment suggests that CLEs developed to fulfill the new requirement focus on cost-effective best practices, rather than simple awareness of vulnerabilities. The committee says in its comment that “a timely course that alerts attorneys to the current forms of cyber threats as well as practical and efficient ways to guard against them would be a valuable resource for all attorneys and would be most welcomed by small law firm practitioners.”
REPORT BY THE SMALL LAW FIRM COMMITTEE
IN SUPPORT OF PROPOSAL TO AMEND THE MANDATORY CONTINUING LEGAL EDUCATION (CLE) RULES TO INCLUDE A NEW CATEGORY OF CREDIT-
CYBERSECURITY, PRIVACY AND DATA PROTECTION
The New York City Bar Association, through its Small Law Firm Committee (the “Committee”) submits this comment in support of the proposal of the Office of Court Administration to amend the mandatory legal education rules so as to require newly admitted and experienced attorneys to complete one CLE credit in the new category of Cybersecurity, Privacy and Data Protection.
Constantly changing and expanding technology provides attorneys with increasing opportunities to handle complex matters and to work remotely. Client information that used to reside in a file room is now stored in individual computers, servers and on the cloud. Stored information is accessible through laptops, tablets, and mobile devices at virtually any location.
This explosion of technology has also given rise to ever-increasing and sophisticated threats to the security of stored client information and the operation of the law firms that are charged with safeguarding this data.
Rule 1.6(c) of the Rules of Professional Conduct requires a lawyer to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure” of confidential client information. What constitutes “reasonable efforts” in a rapidly changing technology and cyber piracy environment is an ever-evolving standard.
Requiring a one hour CLE credit every two years will provide an effective means for attorneys to learn what the latest “reasonable efforts” are based upon current technology.
The Small Law Firm Committee urges that the CLE courses developed to fulfill this requirement be focused on the current best practices that all attorneys can utilize in a cost effective fashion regardless of the size of their law office. It would be counterproductive for the CLE time to be spent primarily on warning attorneys of their need to develop cybersecurity safeguards or explaining the complex processes involved in cyber-breaches without providing specific, concrete, understandable steps that any attorney can employ to protect their own devices and information as well their clients’ data. Solutions offered in cyber security CLE courses should include options that are accessible and reasonably priced so as to be available to all lawyers, including lawyers who are in solo practices or small law firms.
A timely course that alerts attorneys to the current forms of cyber threats as well as practical and efficient ways to guard against them would be a valuable resource for all attorneys and would be most welcomed by small law firm practitioners. Because cyber security has become such an important aspect of legal practice, we also support making a one hour course on this topic part of the mandatory requirements for CLE credit without increasing the overall hourly requirement for CLE credit.
Thank you for your consideration.
Small Law Firm Committee
Anne R. Wolfson, Chair
Submitted February 15, 2022: firstname.lastname@example.org