NOBODY WILL EVER BE ABLE TO EXPLAIN TO ME
WHY THIS TOOK TILL 2023
ALL lawyers must take cybersecurity training
#NewYork will require attorneys to have 1 hour of annual training in #Cybersecurity, #DataSecurity, and #Privacy beginning in 2023. #CyberLaw
New York to Require Attorneys Receive Data Privacy, Security Training
https://www.secureworld.io/industry-news/new-york-attorneys-cybersecurity-privacy
With the risk of data breaches growing—and a quarter of law firms reporting in a 2021 survey that they experienced their own breaches—attorneys barred in New York must now formally brush up on their cybersecurity training.
Bloomberg is reporting that the State of New York is the first U.S. jurisdiction to require attorneys to complete one credit hour of cybersecurity, privacy, and data protection training as part of their biennial Continuing Legal Education (CLE).
The new requirement will go into effect July 1, 2023. Here are details on the new requirement from the New York State Unified Court System.
Courses focused on privacy and data protection with a bent toward cybersecurity are commonplace; New York attorneys can begin earning their new CLE credit as soon as January 1, 2023.
With recent headlines revealing breaches discovered when attorneys mistakenly sent sensitive data (e.g., the Alex Jones trial and Donald Trump’s lawyers’ release of emails via Dropbox link related to Jan. 6 Committee proceedings), attorneys need to learn how to prevent and/or respond to internal mishaps and external cyberattacks.
“As attorneys, we have an important ethical and professional duty to safeguard and protect the confidentiality of client information, including electronic information. Part of this obligation is to stay up to date with the fast-moving threat landscape, regardless of the area of law we practice or the size of our law firm. Failing to prioritize data security can lead to significant consequences for attorneys, including business interruption, data and financial loss, and reputational damage.
The current landscape requires lawyers to stay up to speed with changes in technology used to practice law and understand the need to protect and safeguard this information from threat actors. New York’s new CLE requirement is undoubtedly an important milestone in the industry.”
“While New York is the first state to do so, we expect to start seeing more states adopt similar requirements,” said Jane Petoskey, Esq., Associate Attorney. “New York’s requirement aligns with ABA Formal Opinion 477R (2017), 483 (2018), and 498 (2021), which set forth formal guidance on attorneys’ obligations related to cybersecurity responsibilities, as well as those arising from an electronic data breach or cyberattack.”
Jake Bernstein, Esq., Partner, added, “Both the American Bar Association (ABA) and states’ model rules of professional conduct already require attorneys to be aware of the risks that come with the benefits of the use of technology (see Model Rules 1.1, 1.6, 5.1, and 5.3), so as technology advances and security inherently becomes a greater issue, we expect more states to enforce more training related to attorneys’ cybersecurity and privacy practices.”
Here’s more on the new CLE program rules related to the cybersecurity, privacy, and data protection requirement.