Sign of the times: NewYork to require cybersecurity CLE credits

Nicole Black

When was the last time you attended a CLE course focused on cybersecurity issues? If you’re anything like most lawyers, chances are you’ve never taken one. But if you’re a New York lawyer, that will soon change.

For many members of the legal profession, technology adoption tends to be an afterthought, trumped by the noble cause of client representation. After all, you didn’t go to law school to learn about mobile apps and cloud computing software — your goal was to learn how to practice law.

Unfortunately, the tides of change have other plans. Over the past decade, technology has advanced at unprecedented rates. The internet has become our source of truth, and cloud computing is now the default computing system used by people — and lawyers — worldwide. Mobile devices are prolific in the legal profession, and smartphones are commonplace.

Even before COVID-19, technology was unavoidable. But after the onset of the pandemic, legal technology adoption accelerated at rates never before seen as lawyers sought to keep their firms afloat despite the social distancing requirements and unpredictability of the pandemic.

A side effect of the rapid uptick in technology use by lawyers was the significant increase in cyberattacks, including email phishing, email spoofing, malware, social engineering attacks and brute force hacking. This was bad news for the law firms that were struggling with technology adoption and implementation, and many were wholly unprepared for the frequency and variability of the attacks.

As we try to find a new normal on what may be the other side of the pandemic, cybersecurity concerns are paramount for many law firms, which is why New York’s recently enacted cybersecurity CLE requirement is so timely.

On June 10, the Departments of the New York State Supreme Court, Appellate Division issued a Joint Order that requires that all New York attorneys complete one hour of cybersecurity continuing legal education as part of their biannual registration requirement. The Order takes effect on January 1, 2023.

The new CLE requirement encompasses two types of cybersecurity courses. Lawyers will have the option of taking a cybersecurity CLE focused on either ethics or law practice.

The ethics option covers cybersecurity, privacy and data protection-ethics, and “must relate to lawyers’ ethical obligations and professional responsibilities regarding the protection of electronic data and communication.”

In comparison, the training related to practicing law encompasses the “technological aspects of protecting client and law office electronic data and communication … vetting and assessing vendors and other third parties relating to policies, protocols and practices on protecting electronic data and communication; applicable laws relating to cybersecurity (including data breach laws) and data privacy; and law office cybersecurity, privacy and data protection policies and protocols.”

So pick your poison, New York lawyers. Come January, a cybersecurity CLE is in your future. It’s simply a matter of choosing the cybersecurity category that provides the foundational knowledge that you need to maintain your already-existing ethical obligation of technology competence. No matter how you look at it, it’s a win-win situation all around.

Nicole Black is a Rochester attorney, author, journalist and the Legal Technology Evangelist at MyCase legal practice management software. She is the nationally-recognized author of "Cloud Computing for Lawyers" (2012) and co-authors "Social Media for Lawyers: The Next Frontier" (2010), both published by the American Bar Association. She also co-authors "Criminal Law in New York," a Thomson Reuters treatise. She writes regular columns for Above the Law, ABA Journal, and The Daily Record, has authored hundreds of articles for other publications, and regularly speaks at conferences regarding the intersection of law and emerging technologies. She is an ABA Legal Rebel, and is listed on the Fastcase 50 and ABA LTRC Women in Legal Tech. She can be contacted at