FINRA's CARD proposal is simply nuts, and a disaster waiting to happen. While FINRA claims that personal identifiers will not be included, how tempting a target is a database of every trade done in every account, with brokerage firm identifiers, and individual account identifiers, for the hackers of the world.
And can we really trust FINRA, a private organization, to hold all of that sensitive information? For what purpose? So that it can better identify potential fraud? The concept is similar to embedding electronic trackers in every person so that we can better find the one criminal when we need to do so. FINRA has enough power of the financial markets, it does not need to increase that power by invading the privacy of everyone, and increasing the cyber-security risk..
All of this makes the report released on today by FINRA a very interesting admission. FINRA's Report on Cybersecurity Practices was released, in an effort to alert the industry that responding to the threat of a cyberattack is a high priority. No kidding, really? The United States Government has been attacked, our military has been attacked, the largest corporations in the world have been attacked, FINRA knows it is a significant problem, yet FINRA is trying to obtain details of every securities transaction, and keep that information in one place.
Good thing FINRA is issuing warnings about attacks. Is it reading those warnings?
---
Mark Astarita is a securities attorney and computer enthusiast, who has been online since 1985. He knows the dangers that online databases provide, in particular for financial information. He is also a partner in the securities law firm of Sallah Astarita & Cox, LLC, which represents all participants in the financial markets in compliance, regulation and litigation, nationwide. He can be reached at 212-509-6544, or at mja@sallahlaw.com.