The endless tide of NSA revelations has made us all too familiar with government agencies’ hunger for personal information, especially in the context of national security. But we’re also seeing surveillance systems being set up by smaller, less newsworthy agencies to monitor our day-to-day activities.
The newest example is investment activities. The Financial Industry Regulatory Authority (FINRA) recently proposed a new data system called the Comprehensive Automated Risk Data System (CARDS). Under CARDS, financial brokers would have to regularly—at least daily—submit transaction records about their customers (not to mention personal information such as their net worth, investment objectives, employment information, and age). FINRA would then analyze the details of our IRAs, 401ks, and other parts of our financial lives in an attempt to identify suspicious behavior like insider trading or money laundering.
Why is the first response to any perceived threat to sacrifice Americans’ privacy and create another database to potentially spy on us? These systems have serious privacy implications and leave Americans vulnerable to invasive and unwarranted monitoring. CARDS is particularly alarming when you consider that FINRA fails to explain how this sensitive information will be used or whether it will be shared with other government agencies or non-government organizations. Will other government agencies have open access to the data? What types of analytics will form the basis for suspicion and how will they be verified for accuracy? Will the information be available for discovery by private litigants?
While FINRA did recently update its to bar the collection of certain personally identifiable information, that is little comfort if your transaction history is viewed as suspicious because the government can just go to the broker to identify you. It’s not clear that a system that collects such detailed data could truly guarantee anonymity. Combined with other available databases, information from the system could probably be easily reidentified. And a breach of such sensitive data—like those we’ve seen recently at Target, Neiman Marcus, and the University of Maryland—could be devastating to consumers.
Ordinary individual investors should be able to carry out their financial business without the government looking over their shoulder, and FINRA should remain strictly focused on monitoring and regulating brokerage firms and enforcing their compliance with regulations. Limiting overbroad information collection prevents government overreach and protects ordinary individuals from being caught up in expensive and potential devastating government investigations.