118 S2230 IS: Protecting Investors’ Personally Identifiable Information Act U.S. Senate 2023-07-11 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

II118th CONGRESS1st SessionS. 2230IN THE SENATE OF THE UNITED STATESJuly 11, 2023Mr. Kennedy (for himself, Mr. Boozman, Mr. Moran, Mr. Cotton, Mr. Daines, Mrs. Britt, Mr. Rounds, and Mr. Tuberville) introduced the following bill; which was read twice and referred to the Committee on Banking, Housing, and Urban AffairsA BILLTo prohibit the Securities and Exchange Commission from requiring that personally identifiable information be collected under consolidated audit trail reporting requirements, and for other purposes.

1.

Short title

This Act may be cited as the Protecting Investors’ Personally Identifiable Information Act.

2.

Personally identifiable information excluded from consolidated audit trail reporting requirements

(a)

Definitions

In this section: (1)

Commission

The term Commission means the Securities and Exchange Commission.(2)

Personally identifiable information

The term personally identifiable information—(A)means information that can be used to distinguish or trace the identity of an individual, either alone or when combined with other personal or identifying information that is linked or linkable to that individual, including the name, address, date or year of birth, Social Security number, telephone number, email address, or IP-address of the individual; and(B)does not include a CAT-Order-ID or CAT-Reporter-ID, as those terms are defined in section 242.613(j) of title 17, Code of Federal Regulations, or any successor regulation. (b)

Prohibition

Except as provided in subsection (c), the Commission may not require a national securities exchange, a national securities association, or a member of such an exchange or association to provide personally identifiable information with respect to a market participant to meet the requirements relating to an order or a reportable event under section 242.613(c)(7) of title 17, Code of Federal Regulations, or any successor regulation. (c)

Exception

The Commission may only require a national securities exchange, a national securities association, or a member of such an exchange or association to provide personally identifiable information with respect to a market participant, as described in subsection (b), if—(1)the Commission makes a request for that information; and(2)the information is related to an investigation of— (A)a violation of the Federal securities laws or a regulation issued under the Federal securities laws; or (B)an enforcement action with respect to a violation described in subparagraph (A).(d)

Request for extension

At the request of the Commission under subsection (c), a national securities exchange, a national securities association, or a member of such an exchange or association shall provide the personally identifiable information subject to that request not later than 24 hours after receiving that request, unless, at the request of that national securities exchange, national securities association, or member, the Commission provides a reasonable extension.(e)

Destruction of personally identifiable information

In the case of personally identifiable information provided to the Commission under subsection (c), the Commission shall destroy that information not later than 1 day after the conclusion of the investigation or other matter for which that information was required.