New legislation introduced Wednesday would prohibit the Securities and Exchange Commission from requiring that personally identifiable information be collected under its Consolidated Audit Trail, or CAT.
Rep. Barry Loudermilk, R-Ga., said Wednesday in introducing the Protecting Investors’ Personally Identifiable Information Act, H.R. 4551, that “the federal government has two huge problems when it comes to cybersecurity: they collect way too much personally identifiable information (PII), and they have a poor track record of protecting this information from hackers. Look no further than the 2021 SolarWinds hack, which saw more than 30,000 public and private organizations breached and is considered one of the largest cyber hacks in modern history.”
Ken Bentsen, president and CEO of the Securities Industry and Financial Markets Association, and Ellen Greene, managing director, Equity and Options Market Structure at SIFMA, warned in January that as of March 17, investors’ PII became available via the CAT.
Bentsen and Greene called the move a failure by the SEC to implement changes to protect investor privacy.
Loundermilk’s bill is co-sponsored by Reps. French Hill, R-Ark.; Bill Huizenga, R-Mich.; Ann Wagner, R-Mo.; Dan Meuser, R-Pa.; Young Kim, R-Calif.; and Zach Nunn, R-Iowa.
Sen. John Kennedy, R-La., has introduced companion legislation in the Senate.