Bloomberg Law
Nov. 8, 2022, 10:00 AM

ANALYSIS: NY Is First to Require CLE on Cybersecurity, Privacy

Golriz Chrostowski
Golriz Chrostowski
Legal Analyst

New York-barred attorneys were notified last week that they’ll be required to complete one CLE credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023.

As the first jurisdiction to implement this specific requirement, New York is sending a strong reminder that lawyers have a duty of technical competence. As technology advances, so does the risk of data breaches. And attorneys—who have professional, ethical, and often contractual obligations to safeguard client information—must be aware of these risks.

One quarter of the respondents to a 2021 American Bar Association survey reported that their firms had experienced a data breach at some time. That is an alarming number. But external cyberattacks are just one way that confidential information can be inadvertently disclosed. Attorneys and their firms can do an astounding amount of damage on their own with the conveniences of electronic data and communications.

Remember when Alex Jones’ attorney, Andino Reynal, sent a large electronic file to opposing counsel that included attorney-client privileged communications, protected health records, and records unrelated to the case?

Or recently, when media outlets uncovered emails between Donald Trump’s lawyers that were of interest to the Jan. 6 Committee through an active DropBox link?

These are the types of blunders that the new CLE requirement aims to prevent. New York attorneys not only need to understand how to prevent and respond to external threats such as cyber attacks, but also need to be competent in the technological aspects of protecting client and law office electronic data and communication, including the sending, receiving, and storing of electronic information.

New York-barred attorneys can start earning their CLE credit as early as Jan. 1, 2023. As courses in cybersecurity, privacy, and data protection become increasingly available, attorneys in other jurisdictions should seize the opportunity to educate themselves.

Bloomberg Law subscribers can find related content on our Practical Guidance: Privacy, Cybersecurity & Technology page.

If you’re reading this on the Bloomberg Terminal, please run BLAW OUT <GO> in order to access the hyperlinked content, or click here to view the web version of this article.

To contact the reporter on this story: Golriz Chrostowski in Arlington, VA at

Learn more about Bloomberg Law or Log In to keep reading:

Learn About Bloomberg Law

AI-powered legal analytics, workflow tools and premium legal & business news.

Already a subscriber?

Log in to keep reading or access research tools.