Protecting Investors’ Personally Identifiable Information Act

Protecting Investors' Personally Identifiable Information Act

This bill prohibits the Securities and Exchange Commission (SEC) from requiring a national securities exchange, association, or a member of either to provide a market participant's personally identifiable information to satisfy the reporting requirements of the Consolidated Audit Trail (i.e., data used to track market activity). However, this information must be provided to the SEC upon request if the information is related to a securities investigation. The SEC must destroy the information not later than one day after the conclusion of the matter for which this information was required.

Bill 118 s 2230, also known as the Protecting Investors’ Personally Identifiable Information Act, is a piece of legislation currently being considered by the US Congress. The main purpose of this bill is to enhance the protection of investors' personally identifiable information (PII) in the financial industry.

The bill aims to achieve this by requiring financial institutions to establish and maintain comprehensive written policies and procedures to safeguard the confidentiality and security of investors' PII. These policies and procedures must address various aspects of data security, such as encryption, access controls, and data retention practices.

Additionally, the bill requires financial institutions to notify investors in the event of a data breach that compromises their PII. This notification must be provided in a timely manner and include information on the nature of the breach, the types of information that were compromised, and any steps that investors can take to protect themselves from identity theft or fraud. Overall, the Protecting Investors’ Personally Identifiable Information Act seeks to strengthen the security and privacy of investors' PII in the financial industry, ultimately aiming to build trust and confidence in the financial system.