MADISONVILLE, La. – U.S. Sen. John Kennedy (R-La.), a member of the Senate Banking Committee, has introduced the Protecting Investors’ Personally Identifiable Information Act, a bill aimed at preventing the Securities and Exchange Commission (SEC) from collecting investors’ personal information through its Consolidated Audit Trail (CAT) database.
The legislation seeks to prohibit brokers from submitting investors’ personally identifiable information (PII) to the SEC’s database, which critics argue poses significant cybersecurity risks. The bill follows an SEC order from the Trump administration that exempted certain investor details, such as names, addresses, and birth years, from CAT reporting. Kennedy’s measure would make this exemption permanent.
Protecting Investor Privacy
“Americans assume their private information is secure when they invest in the U.S. stock market. However, the SEC’s unlawful Consolidated Audit Trail could put their data in jeopardy,” said Kennedy. “My bill would protect American investors from foreign enemies and bad actors by preventing the SEC from collecting personal information it doesn’t need and storing it on a dangerous database.”
Rep. Barry Loudermilk (R-Ga.) introduced a companion bill in the House of Representatives, emphasizing that the SEC’s data collection is unconstitutional and unnecessary.
“The SEC’s collection of personal financial information through the Consolidated Audit Trail is entirely unnecessary and exposes American investors to serious cybersecurity risks,” Loudermilk said. “This bill would effectively eliminate both accidental and intentional data breaches by restricting the SEC’s collection of PII.”
Bipartisan Support and Industry Backing
The bill has garnered support from multiple senators, including John Boozman (R-Ark.), Katie Britt (R-Ala.), Tom Cotton (R-Ark.), Steve Daines (R-Mont.), Jerry Moran (R-Kan.), Pete Ricketts (R-Neb.), and Mike Lee (R-Utah).
Sen. Boozman underscored the cybersecurity concerns:
“Requiring brokers to submit investors’ private, identifiable information—including Social Security numbers—into a central database will invite more attempts to compromise Americans’ data privacy.”
The American Securities Association (ASA) has also endorsed the bill. ASA CEO Chris Iacovella praised Kennedy’s efforts:
“The SEC can conduct responsible oversight of equity markets without collecting the most sensitive personal information of working families, retirees, and savers. Senator Kennedy is a true champion for the American people.”
Concerns Over SEC’s CAT Database
The SEC’s Consolidated Audit Trail became operational on May 31, 2024, making it the largest government database of its kind. The database was created to track trading activity in the U.S. stock market and collect all customer and order information for equity securities and listed options.
However, critics argue that the database:
- Exposes investors to cyber threats in the event of a breach.
- Unnecessarily collects sensitive data, creating privacy concerns.
- Lacks safeguards to prevent misuse of personal financial information.
Key Provisions of Kennedy’s Bill
- Prohibits the SEC from requiring brokers to submit investors’ PII to the CAT.
- Allows the SEC to request PII on a case-by-case basis for investigations.
- Requires companies and investors to provide requested data within 24 hours, with an option to request additional time.
- Mandates the deletion of personally identifiable information once the SEC resolves the relevant investigation.
The bill comes amid increased scrutiny over federal agencies’ data security practices, following high-profile cyberattacks that have exposed vulnerabilities in government databases.
The full text of the bill is available here.