New York Requires Cybersecurity Continuing Legal Education Courses – Pennsylvania Lags Behind

Cybersecurity is a problem that everyone faces. But for attorneys, the problem is greater because we store information particularly valuable to cybercriminals, everything from phone numbers to Social Security numbers to all types of confidential information. Heck, there are probably those who have the formula for Coke or the nooks and crannies of English Muffins in their files. Yet attorneys are often ignorant about and unprepared for cyberattacks. Just yesterday, one colleague mentioned that all of her clients’ names and phone numbers and other personal data are on her cellphone, yet she has no idea which apps are harvesting that information. Another attorney mentioned that he takes no precautions to prevent a hacker from accessing his office’s data because “they don’t care about me.” The horror stories are many. And our ethics and techno-ethics clients hear about these issues all the time.

Thankfully, New York recognizes the issue and on June 10, 2022, the Court issued an Order requiring every attorney licensed in the state to attend at least one hour of continuing legal education every two years in “cybersecurity, privacy and data protection.” Congratulations to New York’s court system for recognizing the dangers of the online world.

As for Pennsylvania, our Supreme Court has not imposed such a requirement. Why? No one knows. But on January 19, 2018, the Pennsylvania Bar Association House of Delegates approved a Report and Recommendation suggesting that the Pennsylvania Supreme Court require attorneys to take a minimum of one hour of CLE credit every two years in programs addressing technology in the legal profession. The Supreme Court has not acted on the request, nor has it taken any action to assure Pennsylvania lawyers understand the need for technology and cybersecurity education for all attorneys.

Let’s hope that the Pennsylvania Supreme Court follows the lead of our northern neighbor. After all, some courts in Pennsylvania have been hacked and attacked with ransomware, and law firms have suffered similar fates. Mandating one hour of Continuing Legal Education every two years on technology, cybersecurity, privacy and data protection seems to be the least that should be required.