U.S. Rep. Barry Loudermilk (R-GA) introduced legislation that would prohibit the Securities and Exchange Commission (SEC) from requiring that personally identifiable information be collected under consolidated audit trail reporting requirements.
The bill, Protecting Investors’ Personally Identifiable Information Act (H.R. 1483), would eliminate the potential for both accidental and intentional breaches by restricting the SEC’s automatic collection of investors’ PII.
Further, the bill also says the SEC will only be permitted to request this data in cases directly tied to investigating or enforcing violations of federal securities law.
“The SEC’s collection of personal financial information through the Consolidated Audit Trail is unconstitutional and entirely unnecessary; and it exposes American investors to serious cybersecurity risks from foreign adversaries and criminal hackers. This is why I developed the Protecting Investors’ Personally Identifiable Information Act in the House,” Loudermilk said.
U.S. Sen. John Kennedy (R-LA) introduced a companion bill, S. 658, in the U.S. Senate.
“Americans assume their private information is secure when they invest money in the U.S. stock market. However, the SEC’s unlawful Consolidated Audit Trail could put their data in jeopardy. My bill would protect American investors from foreign enemies and bad actors by preventing the SEC from collecting personal information it doesn’t need and storing it on a dangerous database,” Kennedy said.
The legislation is supported by both the American Securities Association and the Securities Industry and Financial Markets Association (SIFMA).
“Consistent with the recent exemption provided by the Securities and Exchange Commission (SEC), this important legislation would protect investors’ PII from being reported to the Consolidated Audit Trail (CAT), which is the largest database of retail and institutional trading ever created and is a ripe target for cyber criminals,” SIFMA President and CEO Kenneth Bentsen, Jr. said. “For a decade, SIFMA has consistently provided alternatives to collecting such data that still address the SEC’s enforcement concerns. We commend this bicameral effort to codify the SEC’s recent exemption from the requirement to report certain PII to the CAT, and we look forward to working with Congress to enact this critical bill and ensure investors’ PII is protected.”