Mar. 31, 2023
March 31, 2023 Employees should not be required to provide to an unknown third party access to certain personal financial institution accounts, when employees are already required to provide their financial holdings as an annual reporting to the SEC's Office of Ethics Counsel (OEC). If a member of the OEC needed more specifics from what is already provided annually, the OEC can ask the employee for the account number that is published on the statements that are provided in the annual submission. Who is going to operate on behalf of the OEC, and how will they be vetted? OEC does not have a good track record with third parties, according to \"The New York Times\" - https://www.nytimes.com/2011/10/23/business/at-the-sec-questions-about-its-own-privacy-controls.html?_r=3. With all the breaches we read about in the news, why provide an expanded footprint to potentially adversely affect SEC employees? SEC employees are already at risk from their financial institutions to make sure they are safeguarding the data. The annual reporting required of SEC employees to OEC expands that risk footprint to include the SEC as a potential point of compromise. Incorporating a third party would expand that risk footprint further to whomever this third party would be or wherever that third party or its subsidiaries or trusted partners are located.