May 1, 2008
In order for small broker dealer firms to offer comments on the proposed large expansion of Regulation S-P by May 12, 2008, please supply information on the following:
1. What is the number of instances and the potential dollar amount of damages of breaches in customer privacy by small broker dealers during the last 1 year, 5, year, and 10 year period.
2. What is the number of instances and the potential dollar amount of damages
of breaches in customer privacy by large broker dealers and banks during the last
1 year, 5, year, and 10 year period.
I am aware that banks lose their shirts through identity theft but they are not
regulated by the SEC and what is appropriate for banks may have no useful
application for securities firms.
3. What was the quantity of security and customer privacy breaches for small broker dealers based on unauthorized access to paper documents for the last 1, 5, and 10 years period?
4. What was the quantity of security and customer privacy breaches for small broker dealers based on unauthorized access to internet based documents for the last 1, 5, and 10 year periods?
5. What group was instrumental in calling for the development of the proposed expansion of regulation S-P? (The SEC, FINRA, the US Senate, the US House, or the US Treasury)
6. Does the SEC envision that small firms have adequate Firewall protection through using desk top PCs with Windows Operating Systems, such as XP and Vista, and Firewalls provided by Microsoft, Symantec or McAfee?
From a small firm perspective, I am looking for some documentation OR statistics of actual customer personal information being obtained from BROKER DEALERS OR INVESTMENT ADVISERS on such a grand scale, to warrant all the expense and effort to battle something that may not be a proved problem.
For firms to be approved for electronic record storage, regulators have mandated an outside service bureau be engaged which can access and back up electronic records via the internet. This requirement alone can make customer records vulnerable and therefore many small firms have declined to apply for electronic record storage as part of their membership agreement
Frank C. Dealy
Executive Advisors, Inc.