Protecting Investors’ Personally Identifiable Information Act
This bill, titled the Protecting Investors’ Personally Identifiable Information Act, would prohibit the Securities and Exchange Commission (SEC) from requiring the collection of personally identifiable information (PII) for Consolidated Audit Trail (CAT) reporting. Specifically, it would bar exchanges, national securities associations, or their members from providing PII to satisfy CAT-related order or reportable-event requirements under the SEC’s CAT rule (17 CFR 242.613(c)(7) or successor). The bill also defines PII to include common identifiers such as name, address, date of birth, Social Security number, phone number, email, and IP address. In short, the bill aims to limit the data about individuals that can be demanded for market surveillance reporting, focusing instead on non-identifying data. Potential effects include stronger privacy protections for market participants and investors, reduced risk of data breaches involving sensitive information, and potential changes to how market surveillance and oversight are conducted. However, it could also constrain the SEC’s ability to identify individuals or trace activity to a specific person in some enforcement or oversight scenarios, depending on how CAT data is adjusted to comply with the bill.
Key Points
- Prohibits the SEC from requiring PII from exchanges, registrants, or members to meet CAT reporting requirements tied to orders or reportable events under CAT (17 CFR 242.613(c)(7)).
- Defines “personally identifiable information” as data that can distinguish or trace an individual's identity, alone or when linked with other information, including name, address, date of birth, Social Security number, phone number, email, and IP address.
- Applies specifically to national securities exchanges, national securities associations, and their members; targets the CAT data collection relevant to orders and reportable events.
- Does not repeal all SEC authority or CAT requirements—rather, it limits the types of data that may be required, potentially allowing non-PII data to be collected.
- Could influence how market surveillance and enforcement programs operate, balancing privacy protections with the need for market oversight.