The bill strengthens individual privacy and reduces data-handling burdens for exchanges by barring collection of certain PII in order/event reports, but it trades off regulator and law‑enforcement visibility and cross‑border investigatory effectiveness, potentially reducing traceability and consistent implementation.
Individual retail investors and other market participants will not have their names, addresses, SSNs, emails, phone numbers, or IP addresses collected in exchange order/reportable-event reports, reducing direct privacy intrusion.
Exchanges, associations, and their members face a lower risk that sensitive personal data will be exposed from reporting systems, reducing operational security and breach risks.
Exchanges, associations, and member firms will have a reduced compliance and data‑management burden because they no longer need to collect, store, and protect PII for these reports.
Regulators and investigators (including the SEC and law enforcement) will have reduced access to identifying information in reports, making it harder to detect, investigate, and trace market manipulation, fraud, or complex trading incidents and weakening investor accountability.
Cross-border investigations and cooperation with other jurisdictions may become more difficult if exchanges lack identity data in reports, hampering international enforcement of securities laws.
The bill could create ambiguity about what non‑PII linkage methods (e.g., coded identifiers) are permissible, risking inconsistent implementation across exchanges and limiting the usefulness of reports.
Based on analysis of 2 sections of legislative text.
Prevents the SEC from requiring exchanges, associations, or their members to provide listed PII about market participants for the cited order/reportable-event reports.
Prohibits the SEC from forcing national securities exchanges, associations, or their members to provide personally identifiable information (PII) about market participants to meet order or reportable-event reporting requirements under the cited regulation. Defines PII broadly to include name, address, birth date, SSN, phone, email, and IP address.
Official title: To prohibit the Securities and Exchange Commission from requiring that personally identifiable information be collected under consolidated audit trail reporting requirements, and for other purposes.
Introduced February 21, 2025 by Barry D. Loudermilk · Last progress February 21, 2025