July 6, 2010
This is in response to the proposed rule requiring data stored on portable media to be encrypted. I am not sure whether the efficacy of this rule would be worth the extra expense that would be required for a small firm (and remember that there are over 4000 small firms) to follow this rule. In order for FINRA or the SEC to be able to read an encrypted submission, they would have to have decoding ability. Once the item is decoded or unencrypted, what are the safeguards that they have in place to protect the data? Massachusetts just had a major screw-up in its data protection procedures (and what is the SEC or FINRA doing about that?).
Are we also going to have to encrypt any hard copy submissions? If the hard copy is not encrypted, then why go through the time and expense of encrypting a disc? Why not just require that the disc be delivered by FedEx or UPS in overnight format? I believe that this is another case of form over function. It is another way for regulators to say "see - we are doing something to protect personal information" but it won't work, so why bother?
This is just another straw that will eventually break the camel's back, as much of the current regulation has already done to the BD's that have gone under or have opted to become Investment Advisors because they have fewer regulations. Does anyone have any doubts as to why the number of BD's is down over 8% in the past couple of years?
David M. Sobel
David M. Sobel, Esq.
EVP / CCO
One Battery Park Plz
New York, NY 10004