Oct. 30, 2023
Dear Securities and Exchange Commission, I am writing to express my concerns regarding the proposal "Safeguarding Advisory Client Assets" and the lack of consideration for privacy and security concerns associated with the custody of digital assets. While I appreciate the effort to enhance investor protections, it is crucial to address the potential risks and vulnerabilities when it comes to safeguarding sensitive taxpayer information. One of my main concerns is the potential increase in identity theft due to the proposed regulations. The collection of user information by participants in Decentralized Finance (DeFi) may lead to the storage of sensitive taxpayer data without proper safeguards. This poses a significant risk as it creates a potential "honey pot" for identity theft under the guise of tax reporting. Identity theft is a growing concern in today's digital age, and it is critical for regulatory authorities to prioritize the protection of personal and financial data. The proposed regulations should include robust measures to ensure the security and privacy of client assets, especially digital assets that are susceptible to online theft and hacking attempts. Furthermore, the proposed rule should require investment advisers to implement stringent security measures to safeguard client data. This includes encryption protocols, multi-factor authentication, data breach notification procedures, and regular assessments of cybersecurity protocols. By doing so, it would mitigate the risk of unauthorized access and protect investors' assets from potential breaches. Moreover, the proposal should encourage the adoption of decentralized methods of custody for digital assets. Decentralized custody solutions, such as blockchain technology, can provide an additional layer of security by reducing the reliance on centralized custodians and minimizing the risk of a single point of failure. In order to address the concerns surrounding identity theft and potential breaches, the Securities and Exchange Commission should collaborate with related privacy and security experts to develop comprehensive guidelines for investment advisers. These guidelines should outline best practices for cybersecurity, encryption, data protection, and incident response planning. Furthermore, the SEC should consider conducting regular audits or surprise examinations specifically focused on assessing the security measures implemented by investment advisers to protect client data. This additional layer of oversight would ensure compliance with the proposed regulations and provide assurance that investors' assets are adequately safeguarded. In conclusion, I urge the Securities and Exchange Commission to consider the grave privacy and security concerns associated with the custody of digital assets. It is essential that any regulatory framework addresses these concerns and incorporates robust measures to protect investors from identity theft and other cybersecurity risks. By prioritizing security and privacy, the SEC can maintain both the integrity of the market and the trust of investors. Thank you for considering my comments on this proposed rule. Sincerely, Shreya Osborne