Media Center

Access Bill TEXT

WASHINGTON D.C. – Today, Congressmen David Scott (GA-13) and Barry Loudermilk (GA-11), both senior members on the House Financial Services Committee (HFSC), filed legislation to strengthen cybersecurity standards and data protection protocols at the Securities and Exchange Commission (SEC). The bill would establish clear, uniform policies and procedures governing how the agency requests, handles, stores, and protects sensitive information obtained from investors, advisers, broker-dealers, and other market participants.

“The rise in cyber intrusions and data exposure incidents underscore the urgency in which the SEC must adopt strong, transparent, and uniform procedures that meet the moment,” said Congressman David Scott. “For years, market participants and cyber experts have warned Congress that the Commission, like many other financial regulators, does not have the modern, consistent cybersecurity safeguards in place to protect the highly sensitive information it collects. Continuing to rely on outdated data protection frameworks could significantly jeopardize the trust Americans have long placed on the U.S. financial system. The SEC Data Protection Act is an important and constructive step for implementing common sense reforms and guaranteeing regulators have a robust process in place when it comes to determining the necessity of highly sensitive, confidential information. Our proposal does not impede regulators from seeking the information they need, but it does ensure that the SEC meets basic, modern security standards consistent with best practices across the federal government and private sector.”

“I am proud to join my colleague, and fellow Georgian, David Scott in re-introducing the SEC Data Protection Act,” said Congressman Barry Loudermilk. “As a former small business owner and Air Force veteran with a background in IT and cybersecurity, I understand how critical it is to have hardened security infrastructure. Sadly, we have seen all too often that the federal government is the weakest link in the cybersecurity chain. The SEC Data Protection Act will bring the Commission’s cybersecurity infrastructure in line with industry best practices, provide vital oversight of the Commission’s cybersecurity posture going forward, and ensure that advisor-provided information is safe and secure.”

The SEC Data Protection Act of 2025 would ensure the Commission can prevent, detect, and respond to cybersecurity threats with modern tools, updated protocols, and greater internal accountability. More specifically, the bill:

• Requires the SEC to develop, adopt and regularly update data protection cybersecurity protocols consistent with federal best practices and NIST standards.
• Requires rulemaking to ensure integrity, security, and confidentiality of advisor-provided information.
• Narrowly targets scope governing adviser-supplied information, excluding broader SEC systems and filings.
• Bridges oversight gap with clarification of statutory basis for ongoing cybersecurity measures, which previously rested in administrative guidelines or informal practices.

List of Original Cosponsors: David Scott (D-GA), Barry Loudermilk (R-GA), Janelle Bynum (D-OR), Andre Carson (D-IN), Emanuel Cleaver (D-MO), Warren Davidson (R-OH), Scott Fitzgerald (R-WI), Bill Foster (D-IL), Vicente Gonzalez (D-TX), Josh Gottheimer (D-NJ), Jim Himes (D-CT), Young Kim (R-CA), Dan Meuser (R-PA), Maria Elvira Salazar (R-FL), Brad Sherman (D-CA) and Ann Wagner (R-MO)

Access Bill Text HERE.

###