Oct. 23, 2023
J. Dana [REDACTED] 10-23-23 Securities and Exchange Commission 100 F Street, NE Washington, DC 20549-1090 Subject: Public Comment on Proposal "Safeguarding Advisory Client Assets" (File No. S7–25–20) Dear Securities and Exchange Commission, I am writing to provide a public comment on the proposed rule "Safeguarding Advisory Client Assets" (File No. S7–25–20). The rule aims to enhance investor protections and address gaps in the custody rule. While I appreciate the regulatory efforts to protect investors, I have concerns about the privacy and security ramifications of the proposed rule. Privacy is a fundamental right, and it is essential to safeguard sensitive financial data and personal information. Unfortunately, the proposal does not adequately recognize the privacy and security concerns associated with the custody of digital assets and fails to set forth appropriate safeguards to protect investors' assets from unauthorized access or data breaches. By requiring investment advisers to provide detailed information about clients' assets and custodians, the proposal increases the number of third parties with access to sensitive financial data, including Social Security numbers. This raises significant privacy concerns related to the storage, transmission, and handling of this information. As we have witnessed in recent years, major data breaches have exposed personal and financial information, leading to identity theft and financial fraud. As the proposal expands the scope of assets to be held by qualified custodians, it becomes crucial to ensure that adequate measures are in place to protect the privacy and security of investor information. The SEC should collaborate with industry experts to develop comprehensive and robust cybersecurity standards that address the specific challenges associated with digital assets custody. These standards should include guidelines for encryption, access controls, security audits, incident response plans, and regular training for personnel handling sensitive data. Furthermore, the proposal should require investment advisers to obtain explicit consent from investors before sharing their personal and financial information with custodians or any third party. This consent should clearly explain the risks and potential consequences of sharing such information, highlighting the importance of privacy and security safeguards. In addition to these privacy concerns, I would also like to address the broader issue of private contract rights. Investment advisers and their clients should have the freedom to enter into private contracts that specify the terms of custody and address individual preferences for privacy and security. Imposing a one-size-fits-all regulatory framework on all investment advisers may limit the ability to negotiate and tailor custody arrangements to individual needs. To strike a balance between privacy, security, and investor protection, the SEC should consider providing more flexibility and options within the proposed rule. For instance, advisers could be given the option to choose from a range of qualified custodians with varying privacy and security protocols, allowing them to align their custody arrangements with their clients' preferences and risk profiles. In conclusion, I urge the SEC to carefully evaluate the privacy and security concerns associated with the custody of digital assets and incorporate robust safeguards into the final rule. Investors' financial data, including personal and sensitive information, must be protected from unauthorized access and potential breaches. By prioritizing privacy, security, and the preservation of private contract rights, the SEC can ensure that the proposed rule achieves its intended goal of enhancing investor protections. Thank you for considering my concerns. I appreciate the opportunity to provide input on this important matter. If you require any further information or clarification, please do not hesitate to contact me. Sincerely, J. Dana --