Logo Home

SEC Data Protection Act

#6161 | HR Congress #119

Subjects:

Last Action: Referred to the House Committee on Financial Services. (11/19/2025)

Bill Text Source: Congress.gov

Summary and Impacts
Original Text

Bill Summary

The "SEC Data Protection Act" aims to enhance the security of sensitive information received by the Securities and Exchange Commission (SEC) from investment advisers. It amends the Investment Advisers Act of 1940 by requiring the SEC to establish data protection policies within one year of the bill’s enactment. These policies must ensure the confidentiality and proper handling of nonpublic proprietary information. Specifically, the SEC is tasked with creating procedures that address when it requests such information, safeguarding the data based on its sensitivity, limiting access to authorized personnel, and protecting against unauthorized use or disclosure. This legislation seeks to bolster trust and security in the handling of sensitive financial data by the SEC.

Possible Impacts

Here are three examples of how the SEC Data Protection Act could affect people:

1. **Increased Data Security for Investment Advisers**: Investment advisers will benefit from enhanced data protection policies mandated by the Act. By requiring the SEC to implement specific safeguards for sensitive proprietary information, advisers can feel more secure about sharing their data with the Commission without the fear of it being misused or disclosed unlawfully. This could lead to increased trust in regulatory processes and encourage more open communication between advisers and regulators.

2. **Enhanced Consumer Protection**: The legislation aims to protect sensitive information that may impact investors and clients of investment advisers. By ensuring that proprietary data is safeguarded against unlawful use or disclosure, the Act could help prevent data breaches that might expose personal financial information. This enhanced protection can lead to greater consumer confidence in the investment advisory industry, as clients may feel more secure knowing that their information is being handled responsibly.

3. **Regulatory Compliance Costs**: The SEC will need to develop and implement new data protection policies, which may lead to increased operational costs for the Commission. These costs could impact the broader financial market, particularly if compliance requirements for investment advisers become more stringent or if the SEC increases fees to cover the expenses associated with enhanced data protection measures. Ultimately, such changes could lead to higher costs for investment advisers, which may be passed on to consumers in the form of increased fees for advisory services.

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6161 Introduced in House (IH)]

<DOC>






119th CONGRESS
  1st Session
                                H. R. 6161

To amend the Investment Advisers Act of 1940 to require the Securities 
     and Exchange Commission to adopt data protection policies for 
 information the Commission receives from investment advisers, and for 
                            other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           November 19, 2025

 Mr. David Scott of Georgia (for himself, Mr. Loudermilk, Mr. Foster, 
Mrs. Wagner, Mr. Sherman, Mr. Meuser, Mr. Gottheimer, Mr. Davidson, Mr. 
 Cleaver, Mrs. Kim, Mr. Himes, Mr. Fitzgerald, Mr. Vicente Gonzalez of 
    Texas, Ms. Salazar, Ms. Bynum, Ms. De La Cruz, and Mr. Carson) 
 introduced the following bill; which was referred to the Committee on 
                           Financial Services

_______________________________________________________________________

                                 A BILL


 
To amend the Investment Advisers Act of 1940 to require the Securities 
     and Exchange Commission to adopt data protection policies for 
 information the Commission receives from investment advisers, and for 
                            other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``SEC Data Protection Act''.

SEC. 2. PROCEDURE FOR DATA PROTECTION.

    Section 204 of the Investment Advisers Act of 1940 (15 U.S.C. 80b-
4) is amended by adding at the end the following:
    ``(g) Data Protection Policies.--Not later than 1 year after the 
date of enactment of this subsection, the Commission shall adopt, after 
notice and comment, policies and procedures reasonably designed to 
protect sensitive, nonpublic proprietary information, as determined by 
the Commission, that the Commission obtains or receives from an 
investment adviser subject to this section, from unlawful use or 
disclosure. Such policies and procedures shall--
            ``(1) address circumstances when the Commission requests 
        such proprietary information;
            ``(2) safeguard the information, taking into consideration 
        the level of sensitivity of the information;
            ``(3) limit access to the information to appropriate staff, 
        as determined by the Commission; and
            ``(4) protect the information from unlawful use or 
        disclosure.''.
                                 <all>