Thu. Mar 28th, 2024

Content Assessment: A New York State of Mind? New Cybersecurity, Privacy, and Data Protection CLE Requirements in New York

Information - 92%
Insight - 90%
Relevance - 90%
Objectivity - 94%
Authority - 95%

92%

Excellent

A short percentage-based assessment of the qualitative benefit of the post highlighting the joint order by the judicial departments of the Appellate Division of the New York State Supreme Court requiring attorneys to complete at least one credit of cybersecurity, privacy, and data protection training as part of their continuing legal education requirements.

Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.


Background Note: According to a joint order signed on June 10, 2022, from the judicial departments of the Appellate Division of the New York State Supreme Court, New York state attorneys will be required to complete at least one credit of cybersecurity, privacy, and data protection training as part of their continuing legal education (CLE) requirements. The new requirement will take effect on July 1, 2023, and may be of interest to cybersecurity, information governance, and legal discovery professionals operating in the eDiscovery ecosystem seeking both educational and evangelistic opportunities for increasing awareness and understanding of cybersecurity, privacy, and data protection challenges and considerations.

Selected Article Extracts and Complete Joint Order

New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection

Extract from Privacy & Information Security Law Blog – Hunton Andrews Kurth

On June 10, 2022, New York became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education (“CLE”) requirements. The new requirement will take effect July 1, 2023.

The New York State Bar Association’s (“NYSBA”) Committee on Technology and the Legal Profession initially recommended the new requirement in a 2020 report. In a joint order, the judicial departments of the Appellate Division of the New York State Supreme Court formally adopted the recommendation.  

The required one hour of cybersecurity, data privacy and data protection training may be related to attorneys’ ethical obligations with respect data protection and count toward their ethics and professionalism CLE requirements. Alternatively, the credit may be related to general cybersecurity, data privacy and data protection issues and count toward attorneys’ general CLE requirements.

Read the original article.


New York Becomes First State to Mandate CLE in Cybersecurity, Privacy and Data Protection

Extract from LawSites – Bob Ambrogi

The order creates two types of cybersecurity training, one focused on ethics and the other on practice. It describes the ethics training as follows:

Cybersecurity, Privacy and Data Protection-Ethics must relate to lawyers’ ethical obligations and professional responsibilities regarding the protection of electronic data and communication and may include, among other things: sources of lawyers’ ethical obligations and professional responsibilities and their application to electronic data and communication; protection of confidential, privileged and proprietary client and law office data and communication; client counseling and consent regarding electronic data, communication and storage protection policies, protocols, risks and privacy implications; security issues related to the protection of escrow funds; inadvertent or unauthorized electronic disclosure of confidential information, including through social media, data breaches and cyber attacks; and supervision of employees, vendors and third parties as it relates to electronic data and communication.

The rule describes the practice-related training this way:

Cybersecurity, Privacy and Data Protection-General must relate to the practice of law and may include, among other things, technological aspects of protecting client and law office electronic data and communication (including sending, receiving and storing electronic information; cybersecurity features of technology used; network, hardware, software and mobile device security; preventing, mitigating, and responding to cybersecurity threats, cyber attacks and data breaches); vetting and assessing vendors and other third parties relating to policies, protocols and practices on protecting electronic data and communication; applicable laws relating to cybersecurity (including data breach laws) and data privacy; and law office cybersecurity, privacy and data protection policies and protocols.

The rule allows lawyers to apply up to three hours of the ethics training to their total biennial ethics and professionalism requirement, which is six years for new attorneys and four years for other attorneys.

Read the original article.


Complete Joint Order of the Departments on the NY State Supreme Court – Appellate Division (PDF) – Mouseover to Scroll

Joint Order Amending 22 NYCRR 1500 Cybersecurity CLE requirement - 06-10-22

Additional Reading

Source: ComplexDiscovery

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.