Privacy & Data Protection

Personal financial information is among the most sensitive data individuals possess — and safeguarding it is fundamental to maintaining trust in the U.S. capital markets. SIFMA and its members are deeply committed to protecting client information, ensuring secure data practices, and promoting clear, consistent privacy standards across the financial industry.

Key Focus Areas

Establishing a Federal Privacy and Data Breach Standard

SIFMA supports the creation of a federal preemptive privacy and data breach standard to ensure consistent protection of personal financial data nationwide.

Today, financial institutions comply with a complex web of federal and state privacy laws and regulations governing the use, sharing, and security of client information. While well-intentioned, this patchwork can lead to conflicting obligations and uneven treatment of customers depending on where they live or which entity holds their data.

A single, comprehensive federal framework would enhance investor protection, minimize confusion, and ensure all Americans benefit from the same high level of privacy and data security.

Managing Data Aggregation and Investor Access

Technology has transformed how investors manage their finances. Many now use third-party data aggregation tools to view multiple accounts in one place — offering convenience but also creating new risks if data are mishandled or misused.

SIFMA supports investors’ ability to access their financial information electronically in a safe, secure, and usable format. Investors should retain the right to securely access and share their financial information while protecting it from unauthorized use.

Laws and rules governing permissioned data sharing and aggregation should be measured, narrowly tailored approach that balances consumer access with privacy, data security, and market stability. SIFMA supports strong consumer data security protections that align with existing frameworks such as GLBA rather than establishing duplicative or inconsistent standards. Financial institutions should be allowed to set reasonable limits on data access—such as frequency or volume caps—to reduce operational strain and cybersecurity risk Financial institutions should not be prohibited from charging reasonable fees for providing secure data access to cover costs of the infrastructure needed for safe data transmission.

Securing Financial Data Sharing through Collaboration

SIFMA is a founding member of the Financial Data Exchange (FDX), a subsidiary of the FS-ISAC, established to develop technical standards for secure data aggregation.

FDX’s Durable Data API (DDA) creates a unified, secure approach for consumers and businesses to access and share financial data safely — reducing reliance on less secure methods like screen scraping. Through FDX, SIFMA members and fintech providers are working together to strengthen the integrity of data sharing across the ecosystem.

The Bottom Line

As financial services become increasingly digital, data is a new currency of trust. SIFMA and its members are committed to advancing strong, harmonized privacy protections and secure, transparent data-sharing frameworks — ensuring investors remain both empowered and protected in a rapidly evolving marketplace.