A third state could soon join the two that require technology training as part of a lawyer’s obligation to undergo continuing legal education.

Two states currently require mandatory tech CLE. In 2016, Florida became the first state to do so, when it adopted a rule requiring lawyers to complete three hours of CLE every three years “in approved technology programs.”

In 2018, North Carolina followed suit, requiring all lawyers there to complete one hour per year of CLE devoted to technology training.

One other state has given what I described at the time as a “tepid nod” to tech CLE. Last year, Maine adopted a revised CLE rule that described maintaining competence in technology as an aspirational goal of CLE, but that did not require tech training.

Now, via Sharon Nelson’s Ride the Lightning blog, comes news that the New York State Bar Association has approved a committee report that recommends amending the mandatory continuing legal education rule to require one credit in cybersecurity.

The credit would be included within the Ethics and Professionalism category of CLE and would not add to the minimum number of CLE hours attorneys are required to take.

While not requiring broader technology CLE, the rule, if adopted, would make New York the first state to adopt a requirement specifically targeting cybersecurity CLE.

“Rather than recommend a general technology requirement, the committee believes cybersecurity protection is a pressing issue for lawyers and should be emphasized through a one-credit requirement,” the Committee on Technology and the Legal Profession said in its report to the NYSBA House of Delegates.

The committee, which was cochaired by Mark A. Berman of Ganfer Shore Leeds & Zauderer LLP and Gail L. Gottehrer of the Law Office of Gail Gottehrer LLC, said in its report that it was recommending mandatory training in cybersecurity both because of the importance of the issue to protecting client confidences and because of lawyers’ lack of voluntary attendance at CLEs on the topic.

“Notwithstanding reporting by the press on data breaches and, more importantly on law firm breaches, the Committee has been surprised by the relative lack of attendance at NYSBA CLEs on cybersecurity, whether in person or over webinars,” the report said.