Subject: [File Number S7-05-23]
From: Lars Wohlfahrt
Affiliation:

Apr. 12, 2023

Dear Sir or Madame,

I have conducted a thorough review of the public comment letters from
2008, and I would like to provide my opinion on the matter while
summarizing the general themes.

The protection of investors is one of the key missions of the SEC, and
as a household investor, I believe that there should be an official
policy on protecting data and information regarding data breaches. It is
imperative that customers feel secure and protected, and informed when a
data breach occurs.

While it is important for representatives to own the client
relationship, it should not come at the cost of the client's best
interests. Additionally, data retention rules should be established to
protect against regulatory investigations and ensure compliance.

Protecting data is of critical importance, and it is essential that each
institution adheres to a clear policy regarding privacy protection,
shredding, data breaches, and other related issues. The current fines
imposed by the SEC are inadequate and do not serve as effective
deterrents. This is exemplified by the five-year-long failure of Morgan
Stanley Smith Barney LLC to protect the personal identifying information
of approximately 15 million customers, which resulted in a mere $35
million penalty. Furthermore, the fact that 16 firms were fined for
record-keeping failures highlights the lack of trust that can be placed
in financial entities to police themselves. This contradicts a fair market.

I believe that financial institutions, including independent
representatives, broker-dealers, and transfer agents, should inform
customers of any data breaches, and that independent advisors should
align the length of time that data is retained with SEC policy. This
will ensure that independent advisors remain in regulatory compliance
and support investigations even after they change employers.

While small firms may be impacted by increased costs, this should not
come at the expense of customer protection. In fact, it is my belief
that driving competition towards better protection will ultimately
benefit customers and promote a healthier market.

In summary, the SEC must approach this policy through the lens of
protecting household investors. It is crucial that customers feel their
data is secure and protected, and that financial institutions adhere to
a clear policy on privacy protection, shredding, data breaches, and
related issues. Fines must be increased to effectively serve as
deterrents, and the SEC should establish clear rules and guidelines for
institutions to follow.

Thank you for your consideration and time in this matter

Lars Wohlfahrt