Washington D.C. – U.S. Senator Katie Britt (R-Ala.) has joined Senator John Kennedy (R-La.) in reintroducing the Protecting Investors’ Personally Identifiable Information Act. The legislation seeks to prevent the Securities and Exchange Commission (SEC) from requiring brokers to submit investors’ personally identifiable information (PII) to the Consolidated Audit Trail (CAT).
The move follows an announcement earlier this month by the SEC, which granted an exemption from the reporting requirement for certain PII, including names, addresses, and years of birth, to the CAT. The proposed legislation aims to make this exemption permanent.
“The SEC’s Consolidated Audit Trail database holds millions of Americans’ sensitive financial information. Since taking office, I’ve pushed back against the profound risks the CAT poses to Americans’ individual liberty and personal privacy,” said Senator Britt. “The Protecting Investors’ Personally Identifiable Information Act would permanently prohibit the requirement of submitting personal information to the CAT, protecting American investors.”
Under the proposed legislation, the SEC would only be allowed to obtain personally identifiable information from investors on a case-by-case basis when needed for specific investigations. Additionally, the bill mandates that the SEC delete any PII once the relevant investigation or issue is resolved.
Senator Kennedy also raised concerns about data security risks associated with the SEC’s database. “Americans assume their private information is secure when they invest money in the U.S. stock market. However, the SEC’s unlawful Consolidated Audit Trail could put their data in jeopardy. My bill would protect American investors from foreign enemies and bad actors by preventing the SEC from collecting personal information it doesn’t need and storing it on a dangerous database,” Kennedy stated.
In October 2023, Senators Britt and Kennedy had previously urged the Government Accountability Office (GAO) to investigate potential risks, constitutional concerns, and privacy issues associated with the CAT. Senator Britt also called for the CAT to be withdrawn following a cybersecurity breach involving the SEC’s official account on X, which falsely announced the approval of Bitcoin exchange-traded funds (ETFs). Britt highlighted the incident as evidence of cybersecurity vulnerabilities within the SEC’s systems, emphasizing the potential risks posed by the CAT’s data collection efforts.
Furthermore, in September 2024, Senator Britt, alongside Senator Tom Cotton (R-Ark.) and 12 other Republican lawmakers, sent a letter to then-SEC Chair Gary Gensler, urging the immediate suspension of rule filings tied to the CAT.
The legislation represents the latest effort to address concerns over data privacy and security in financial markets, as lawmakers continue to debate the balance between regulatory oversight and the protection of investors’ personal information.
