Digital Asset Exchange Data Exposure Invites Consideration

BCLP

On November 1, 2019, Digital Asset Exchange BitMEX announced that a substantial volume of its customers’ email addresses had been inadvertently leaked in email communications.  While the precise nationalities and identities of these customers remain unknown, news reports in the past year suggest BitMEX has been under investigation by the Commodity Futures Trading Commission (“CFTC”) for permitting U.S. persons to trade on its exchange platform, which does not appear to be registered with financial regulators in any jurisdiction.  While some in the digital asset community may view lack of registration as lending credence to an entity’s blockchain bona fides, this client alert suggests that registration – or, at least, compliance with its attendant regulatory requirements – might have allowed BitMEX to avoid the legal and reputational harm that has befallen it.

Perhaps CFTC or SEC registration could have prevented disclosure of BitMEX’s customer data. CFTC Regulation 160.30 (17 C.F.R. § 160.30) would have mandated that BitMEX adopt “administrative, technical, and physical” safeguards to protect customers’ data privacy, and Regulation 166.3 would have required “diligent” supervision of all employees to ensure the presence and implementation of adequate controls aimed at this end.  If BitMEX were registered with the SEC as an Alternative Trading System, SEC Regulation S-P would have imposed similar requirements.  Though any registrant could willfully fail to comply with these mandates, the mere fact of registration and the applicability of these legal measures create greater likelihood of compliance.

Other entities may determine, as BitMEX appears to have, that the costs and burdens of registration are prohibitive.  Beyond subjecting BitMEX to the required compliance controls for registrants, registration would also mean that the recent customer data disclosure could carry regulatory consequences for any compliance failures that contributed to it.  Of course, such entities may also note that, beyond any legal consequences arising from this event, BitMEX has suffered opprobrium for its data leak in the digital asset community, with market participants describing its conduct as “outrageously incompetent” and an “utter disgrace.”  If such criticisms reflect the digital asset market’s prevailing attitude toward data privacy weakness at service providers, regardless of registration status, then implementing privacy controls may eventually be as much about maintaining good press as it is about regulatory compliance.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BCLP | Attorney Advertising

Written by:

BCLP