Privacy Act of 1974; System of Records, 104-106 [2017-28297]

Agencies

• Commodity Futures Trading Commission

[Federal Register Volume 83, Number 1 (Tuesday, January 2, 2018)]
[Notices]
[Pages 104-106]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-28297]


=======================================================================
-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Commodity Futures Trading Commission (CFTC or Commission) 
is establishing a new system of records under the Privacy Act of 1974: 
CFTC-50, LabCFTC. LabCFTC is the focal point for the CFTC's efforts to 
promote responsible Financial Technology (FinTech) innovation and fair 
competition for the benefit of the American public. LabCFTC is designed 
to make the CFTC more accessible to FinTech innovators and serves as a 
platform to inform the Commission's understanding of new technologies. 
LabCFTC allows FinTech innovators to engage with the CFTC, learn about 
the CFTC's regulatory framework, and obtain feedback and information on 
the implementation of innovative technology ideas for the market. 
Further, LabCFTC functions as an information source for the Commission 
and the CFTC staff on responsible FinTech innovation that may influence 
policy development. LabCFTC allows FinTech innovators to engage with 
the CFTC, learn about the CFTC's regulatory framework, and obtain 
feedback and information on the implementation of innovative technology 
ideas for the market. New CFTC-50 addresses information collected from 
individuals who submit requests and other information to CFTC through 
LabCFTC.

DATES: Comments must be received on or before February 1, 2018. This 
action will be effective without further notice on February 1, 2018, 
unless revised pursuant to comments received.

ADDRESSES: You may submit comments identified as pertaining to 
``LabCFTC'' by any of the following methods:
     CFTC website: https://comments.cftc.gov. Follow the 
instructions for submitting comments through the Comments Online 
process on the website.
     Mail: Christopher Kirkpatrick, Secretary of the 
Commission, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW, Washington, DC 20581.
     Hand Delivery/Courier: Same as Mail, above.
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
    Please submit your comments using only one method.
    All comments must be submitted in English, or if not, accompanied 
by an English translation. Comments will be posted as received to 
www.cftc.gov. You should submit only information that you wish to make 
available publicly. If you wish the Commission to consider information 
that you believe is exempt from disclosure under the Freedom of 
Information Act (FOIA), a petition for confidential treatment of the 
exempt information may be submitted according to the procedures 
established in Sec.  145.9 of the Commission's regulations, 17 CFR 
145.9.
    The Commission reserves the right, but shall have no obligation, to 
review, pre-screen, filter, redact, refuse, or remove any or all of a 
submission from www.cftc.gov that it may deem to be inappropriate for 
publication, such as obscene language. All submissions that have been 
redacted or removed that contain comments on the merits of the notice 
will be retained in the comment file and will be considered as required 
under all applicable laws, and may be accessible under the FOIA.

FOR FURTHER INFORMATION CONTACT: Chief Privacy Officer, 
[email protected], Office of the Executive Director, Commodity Futures 
Trading Commission, Three Lafayette Centre, 1155 21st Street NW, 
Washington, DC 20581.

SUPPLEMENTARY INFORMATION: 

I. LabCFTC

    The purpose of LabCFTC is twofold: First, to encourage responsible 
FinTech innovation in the markets the CFTC oversees, and second, to 
help accelerate Commission engagement with FinTech solutions that may 
enable the CFTC to carry out its mission responsibilities more 
effectively and efficiently. LabCFTC offers an additional, dedicated 
point of contact for FinTech innovators to engage with the CFTC, learn 
about the CFTC's regulatory framework, and obtain feedback on the 
implementation of innovative ideas for the market. Such feedback may 
include information that, particularly at an early stage, could help 
innovators/entities save time and money by helping them understand 
relevant regulations and the CFTC's oversight approach. LabCFTC also is 
designed to

[[Page 105]]

foster and increase the CFTC's familiarity with FinTech and its 
understanding of new technology that may have application within the 
CFTC's own operations through collaboration with FinTech industry and 
CFTC market participants. To accomplish CFTC's goals, LabCFTC will 
facilitate: The monitoring of trends and developments to ensure that 
CFTC's regulatory framework supports--and does not unduly impede--
responsible technological innovation; the promotion of information-
sharing about applications of FinTech, including potential use cases, 
benefits, risks, and solutions; the engagement with academia, students, 
and professionals on application of FinTech relevant in the CFTC space; 
and the CFTC's participation in studies and research that promote 
responsible FinTech innovation. Previously, this information was 
generally collected under CFTC-2, Commission Correspondence files.

II. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of 
records'' is defined as any group of records under the control of a 
Federal government agency from which information about individuals is 
retrieved by name or by some identifying number, symbol, or other 
identifying particular assigned to the individual. The Privacy Act 
establishes the means by which government agencies must collect, 
maintain, and use information about an individual in a government 
system of records.
    Each government agency is required to publish a notice in the 
Federal Register in which the agency identifies and describes each 
system of records it maintains, the reasons why the agency uses the 
information therein, the routine uses for which the agency will 
disclose such information outside the agency, and how individuals may 
exercise their rights under the Privacy Act.
    In accordance with 5 U.S.C. 552a(r), CFTC has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
SYSTEM NAME AND NUMBER:
    LabCFTC; CFTC-50.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located at the Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

SYSTEM MANAGER(S):
    General Counsel, Commodity Futures Trading Commission, Three 
Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The collection of this information is authorized under 7 U.S.C. 
5(b), and the rules promulgated thereunder.

PURPOSE(S) OF THE SYSTEM:
    The information in the system is being collected to assist CFTC in 
communicating with interested parties to encourage responsible FinTech 
innovation in the markets CFTC oversees and to help accelerate 
Commission engagement with FinTech solutions that enable the CFTC to 
carry out its mission responsibilities more effectively and 
efficiently. The information collected facilitates communications with 
FinTech innovators and the CFTC to enable innovators to learn about the 
CFTC's regulatory framework and to obtain feedback and information on 
the implementation of technology ideas for the market. This information 
also may help initiate the adoption of new technology within the CFTC's 
own mission activities through collaboration with FinTech industry and 
CFTC market participants.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include individuals submitting 
requests or inquiries and other information to CFTC through LabCFTC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system of records includes information that may contain: 
Individual's name, physical address, telephone numbers (work, home, 
mobile), email addresses, employer, job title, relevant work 
experience, CFTC status (registrant, non-registrant), organization type 
(S Corporation, Limited Liability Corporation, etc.), and other 
business, business partner, or technology information that may be 
linked to an individual.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained directly from the individual 
who is submitting the information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    These records and information in these records may be used:
    (a) To disclose information to other financial regulators to 
facilitate regulatory discussions around technology innovations;
    (b) To disclose information to external committees that advise the 
CFTC on the impact and implications of technological innovations on 
financial services and the derivatives markets;
    (c) For use in conferences or other events consistent within the 
purpose of 7 U.S.C. 5(b);
    (d) To disclose in any administrative proceeding before the 
Commission, in any injunctive action authorized under the Commodity 
Exchange Act, or in any other action or proceeding in which the 
Commission or its staff participates as a party or the Commission 
participates as amicus curiae;
    (e) To disclose to Federal, State, local, territorial, Tribal, or 
foreign agencies for use in meeting their statutory or regulatory 
requirements;
    (f) To disclose to any ``registered entity,'' as defined in section 
1a of the Commodity Exchange Act, 7 U.S.C. 1, et seq. (``the Act''), to 
the extent disclosure is authorized and will assist the registered 
entity in carrying out its responsibilities under the Act. Information 
may also be disclosed to any registered futures association registered 
under section 17 of the Act to assist it in carrying out its self-
regulatory responsibilities under the Act, and to any national 
securities exchange or national securities association registered with 
the Securities and Exchange Commission to assist those organizations in 
carrying out their self-regulatory responsibilities under the 
Securities Exchange Act of 1934, 15 U.S.C. 78a, et seq.;
    (g) To disclose to anyone during the course of a Commission 
investigation if Commission staff has reason to believe that the person 
to whom it is disclosed may have further information about matters 
relevant to the subject of the investigation;
    (h) To disclose in a public report issued by the Commission 
following an investigation, to the extent that the disclosure is 
authorized under section 8 of the Commodity Exchange Act, 7 U.S.C. 12;
    (i) To disclose to contractors, grantees, volunteers, experts, 
students, and others performing or working on a contract, service, 
grant, cooperative agreement, or job for the Federal government when 
necessary to accomplish an agency function;
    (j) To disclose to Congress upon its request, acting within the 
scope of its jurisdiction, pursuant to the Commodity Exchange Act, 7 
U.S.C. 1 et seq., and the rules and regulations promulgated thereunder;
    (k) To disclose to appropriate agencies, entities, and persons when 
(1) the Commission suspects or has

[[Page 106]]

confirmed that there has been a breach of the system of records; (2) 
the Commission has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Commission 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Commission's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm; or
    (l) To disclose to another Federal agency or Federal entity, when 
the Commission determines that information from this system of records 
is reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The LabCFTC system of records stores records in this system 
electronically or on paper in secure facilities. Electronic records are 
stored on the Commission's secure network and other electronic media as 
needed, such as encrypted hard drives and back-up media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Certain information covered by this system of records notice may be 
retrieved by name, email address, physical address, or other unique 
individual identifiers, and other types of information by keyword 
search.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records for this system will be maintained until the National 
Archives approves the records disposition schedules for their 
disposition. After the schedules are approved, the records will be 
maintained in accordance with the retention periods in the schedules. 
All approved schedules are available at www.cftc.gov.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Administrative safeguards include written guidelines on handling 
LabCFTC information. All CFTC personnel are subject to CFTC agency-wide 
procedures for safeguarding personally identifiable information and 
receive annual privacy and security training. Technical security 
measures within CFTC include restrictions on computer access to 
authorized individuals who have a legitimate need to know the 
information; required use of strong passwords that are frequently 
changed; multi-factor authentication for remote access and access to 
many CFTC network components; use of encryption for certain data types 
and transfers; firewalls and intrusion detection applications; and 
regular review of security procedures and best practices to enhance 
security. The technology also has a time-out function that requires 
users to re-access and input information if the time limit expires. 
Physical safeguards include restrictions on building access to 
authorized individuals, 24-hour security guard service, and maintenance 
of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals seeking to determine whether this system of records 
contains information about themselves or seeking access to records 
about themselves in this system of records should address written 
inquiries to the Office of General Counsel, Commodity Futures Trading 
Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 
20581. See 17 CFR 146.3 for full details on what to include in a 
Privacy Act access request.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves 
contained in this system of records should address written inquiries to 
the Office of General Counsel, Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 
17 CFR 146.8 for full details on what to include in a Privacy Act 
amendment request.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves 
contained in this system of records should address written inquiries to 
the Office of General Counsel, Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 
17 CFR 146.3 for full details on what to include in a Privacy Act 
notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Issued in Washington, DC, on December 27, 2017, by the 
Commission.
Christopher J. Kirkpatrick,
Secretary of the Commission.
[FR Doc. 2017-28297 Filed 12-29-17; 8:45 am]
 BILLING CODE 6351-01-P