ASA Sues Over SEC Audit Trail Privacy

They say it isn’t official until it’s on Facebook. Well, in trading it might be official if you’re being sued about it.

Equity market advocacy group The American Securities Association has filed a lawsuit against the Securities and Exchange Commission to halt the collection and warehousing of investor private and personal data via the Consolidated Audit Trail or CAT.

Ron Kruszewski, ASA

The ASA bills itself as a group whose mission it is to promote investor trust and confidence and to help small businesses access the capital markets.

In a statement, the ASA said the purpose of the legal challenge was to “protect America’s retail investors from identity theft and safeguard their right to privacy by stopping the collection of any of their personally identifiable information (PII) by the CAT database.” ASA also announced the launch of, and released a new digital ad campaign, to mobilize all American investors to help stop the collection of their most sensitive personal information.

“The ASA supports the implementation of the CAT and believes it will be beneficial to our securities markets,” said ASA Chairman Ron Kruszewski. “However, the ASA firmly believes that the collection of investors’ PII into a centralized database is an unnecessary and substantial risk to the privacy of American investors. There can be no reasonable cost benefit analysis which supports risking investors’ privacy, especially when this data is currently available today on a when-needed basis. This lawsuit is not about market surveillance, but instead about protecting the privacy of American investors.”

The ASA remains a supporter of the CAT to surveil the markets but wants the risk of cybertheft eliminated or reduced as much as possible.

Jim Toes, STA

Jim Toes, Chief Executive Officer at the Security Traders Association told Traders Magazine that he felt the SEC appreciates the security concerns associated with collecting investor information on transaction data.

“It is important to note that while the SEC is responsible for the CAT specifications, it is FINRA CAT who is actually building the data warehouse,” Toes said.

FINRA, builder of the audit trail, did not immediately return emails requesting comment for this story.

The lawsuit, Case No. 20-1157, filed on May 15 in the District of Columbia Court of Appeals, the ASA requests that users do not have to provide the CAT with either dates of birth, Social Security Numbers or taxpayer ID numbers. It further asks for an alternative approach to identifying people. The ASA suggests that a new alternative identifier – the CCID – be created by the Chief Information Security Officer of the CAT or the CISO from plan participants agree in concert with SIFMA and other security experts.

The ASA added in the filing that participants in the CAT NMS Plan feel the cost of coming up with an alternative and eliminating the SSN or Taxpayer ID collection wouldn’t harm the operation of the CAT.