SIFMA Urges SEC to Protect PII on the CAT
SIFMA urged the SEC to prohibit self-regulatory organizations ("SROs") from bulk downloading retail customers' personally identifiable information ("PII") from the Consolidated Audit Trail ("CAT").
As previously covered, SEC Chair Jay Clayton directed SEC staff to identify measures to strengthen the security of CAT data. In its comment letter, SIFMA expressed concern as to the protection of retail customer data held by the CAT. SIFMA argued that it is "inconceivable" that the SEC would permit numerous SROs to download in bulk customer and transaction data.
SIFMA urged the SEC to, among other recommendations:
- promote input from firms on safeguarding retail customers' PII data to help bolster the security of CAT data;
- clarify what constitutes appropriate usage of CAT data;
- amend the CAT plan to require that the SROs use a secure analytics workspace ("SAW") approach, obligating the SROs to access all CAT data from within the CAT security perimeter so that no data leaves the CAT;
- amend the CAT plan to restrict each exchange's access to CAT data in the SAW to provide that an exchange can only see data for trading activity conducted on that exchange, except where there is a "limited and well-defined regulatory purpose"; and
- implement additional oversight measures.
Related Articles
-
SEC staff issued no-action relief from Consolidated Audit Trail requirements in order to enable broker-dealers to implement COVID-19 contingency plans.
-
The SEC approved a national market system plan for the Consolidated Audit Trail, a comprehensive database for all trading activity in the U.S. equity and options markets.