Sponsors (9)
The bill improves privacy protections for market participants' personal data by restricting SEC access and requiring destruction, but it introduces compliance and operational burdens that may slow enforcement and increase costs.
Financial institutions' customers and market participants will face reduced risk of their personal data being retained or misused because the bill limits SEC access to PII and requires prompt destruction.
Market participants (including investors and firms) retain stronger privacy and control over personal data because exchanges cannot be compelled to disclose PII except for investigations.
The SEC and investors could experience slower investigations and enforcement because the bill adds compliance steps (e.g., 24-hour delivery windows and mandated destruction timelines) that constrain evidence handling.
Exchanges and their members must incur operational and security costs to handle, store, transmit, and rapidly destroy PII on short notice, costs that could be passed on to customers.
Based on analysis of 2 sections of legislative text.
Prevents the SEC from requiring exchanges or members to provide market participants' PII for CAT reporting except when the SEC requests it for an investigation, with 24-hour delivery and one-day destruction after the matter ends.
Prohibits the SEC from requiring national securities exchanges, national securities associations, or their members to provide personally identifiable information (PII) about market participants as part of consolidated audit trail (CAT) order/reportable-event reporting, except when the SEC itself requests PII for a securities-law investigation or related enforcement matter. When the SEC requests PII under that exception, the exchange, association, or member must deliver it within 24 hours (subject to a reasonable extension from the SEC), and the SEC must destroy the PII no later than one day after the investigation or matter concludes.
Introduced February 20, 2025 by John Neely Kennedy · Last progress February 20, 2025