[Federal Register Volume 85, Number 213 (Tuesday, November 3, 2020)]
[Notices]
[Pages 69601-69603]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-24351]


=======================================================================
-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The Commodity Futures Trading Commission (CFTC or Commission) 
is modifying CFTC-50, LabCFTC, a system of records under the Privacy 
Act of 1974.

DATES: In accordance with 5 U.S.C. 552(e)(4) and (11), this notice will 
go in to effect without further notice on November 3, 2020 unless 
otherwise revised pursuant to comments received. New routine uses will 
go in to effect on December 3, 2020. Comments must be received on or 
before December 3, 2020.

ADDRESSES: You may submit comments identified as pertaining to 
``LabCFTC'' by any of the following methods:
     CFTC Website: https://comments.cftc.gov. Follow the 
instructions for submitting comments through the Comments Online 
process on the website.
     Mail: Christopher J. Kirkpatrick, Secretary of the 
Commission, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW, Washington, DC 20581.
     Hand Delivery/Courier: Same as Mail, above.
    Please submit your comments using only one method.
    All comments must be submitted in English, or if not, accompanied 
by an English translation. Comments will be posted as received to 
https://www.cftc.gov. You should submit only information that you wish 
to make available publicly. If you wish the Commission to consider 
information that you believe is exempt from disclosure under the 
Freedom of Information Act (FOIA), a petition for confidential 
treatment of the exempt information may be submitted according to the 
procedures established in Sec.  145.9 of the Commission's regulations, 
17 CFR 145.9.
    The Commission reserves the right, but shall have no obligation, to 
review, pre-screen, filter, redact, refuse, or remove any or all of a 
submission from https://www.cftc.gov that it may deem to be 
inappropriate for publication, such as obscene language. All 
submissions that have been redacted or removed that contain comments on 
the merits of the notice will be retained in the comment file and will 
be considered as required under all applicable laws, and may be 
accessible under the FOIA.

FOR FURTHER INFORMATION CONTACT: Chief Privacy Officer, Charlie 
Cutshall, 202-418-5833, [email protected], Office of the Executive 
Director, Commodity Futures Trading Commission, Three Lafayette Centre, 
1155 21st Street NW, Washington, DC 20581.

SUPPLEMENTARY INFORMATION: In service to the CFTC's goal of encouraging 
innovation and enhancing the regulatory experience for market 
participants at home and abroad, the CFTC established LabCFTC, an 
official operating office that reports directly to the Chairman of the 
Commission. LabCFTC's mission is to promote responsible innovation 
among the financial industry, stakeholders, and policymakers by:
     Advancing policy and regulation in financial innovation;
     Facilitating dialogue between innovators and those within 
the CFTC on financial and technological innovations;
     Educating internal and external stakeholders on financial 
technology and innovation in the financial markets to identify how 
innovations are being used; and
     Coordinating internally and externally with International, 
Federal, and State regulators, organizations, and associations.
    LabCFTC is designed to make the CFTC more accessible to FinTech 
innovators and serves as a platform to inform the Commission's 
understanding of new technologies. LabCFTC allows FinTech innovators to 
engage with the CFTC, learn about the CFTC's regulatory framework, and 
obtain feedback and information on the implementation of innovative 
technology ideas for the market. Further, LabCFTC functions as an 
information source for the Commission and CFTC staff on responsible 
FinTech innovation that may influence policy development. LabCFTC 
allows FinTech innovators to engage with the CFTC, learn about the 
CFTC's regulatory framework, and obtain feedback and information on the 
implementation of innovative technology ideas for the market.

[[Page 69602]]

I. Modifications to CFTC-50, LabCFTC

    The Commodity Futures Trading Commission (CFTC or Commission) is 
modifying CFTC-50, LabCFTC, a system of records under the Privacy Act 
of 1974, to include information collected under the American Innovation 
and Competitiveness Act (AICA), Public Law 114-329. The notice modifies 
the categories of individuals to include individuals participating in 
and supporting competitions and adds two routine uses to cover--(1) the 
disclosure of records to competition judges and (2) to cover the 
disclosure of competition results to the public. In addition, the 
Commission is taking this opportunity to update the policies and 
practices for retention and disposal of records to include the 
disposition authority number.

II. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of 
records'' is defined as any group of records under the control of a 
Federal government agency from which information about individuals is 
retrieved by name or by some identifying number, symbol, or other 
identifying particular assigned to the individual. The Privacy Act 
establishes the means by which government agencies must collect, 
maintain, and use information about an individual in a government 
system of records.
    Each government agency is required to publish a notice in the 
Federal Register in which the agency identifies and describes each 
system of records it maintains, the reasons why the agency uses the 
information therein, the routine uses for which the agency will 
disclose such information outside the agency, and how individuals may 
exercise their rights under the Privacy Act.
    In accordance with 5 U.S.C. 552a(r), CFTC has provided a report of 
this modified system of records to the Office of Management and Budget 
and to Congress.

SYSTEM NAME AND NUMBER:
    LabCFTC; CFTC-50.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located at the Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

SYSTEM MANAGER(S):
    Office of the Charmain, Commodity Futures Trading Commission, Three 
Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The collection of this information is authorized under 7 U.S.C. 
5(b), and the rules promulgated thereunder. Information collected to 
facilitate competitions is authorized under the American Innovation and 
Competitiveness Act (AICA) Public Law 114-329.

PURPOSE(S) OF THE SYSTEM:
    The information in the system is being collected to assist CFTC in 
communicating with interested parties to encourage responsible FinTech 
innovation in the markets CFTC oversees and to help accelerate 
Commission engagement with FinTech solutions that enable the CFTC to 
carry out its mission responsibilities more effectively and 
efficiently. The information collected facilitates communications 
between FinTech innovators and the CFTC to enable innovators to learn 
about the CFTC's regulatory framework and to obtain feedback and 
information on the implementation of technology ideas for the market. 
This information also may help initiate the adoption of new technology 
within the CFTC's own mission activities through collaboration with 
FinTech industry and CFTC market participants.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include individuals submitting 
requests or inquiries and other information to CFTC through LabCFTC and 
individuals participating in, and supporting competitions held by 
LabCFTC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system of records includes information that contains: 
Individual's name, physical address, telephone numbers (work, home, 
mobile), email addresses, employer, job title, relevant work 
experience, CFTC status (registrant, non-registrant), organization type 
(S Corporation, Limited Liability Corporation, etc.), and other 
business, business partner, or technology information that may be 
linked or linkable to an individual.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained directly from the individual 
who is submitting the information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    These records and information in these records may be used: (a) To 
disclose information to other financial regulators to facilitate 
regulatory discussions around technology innovations; (b) To disclose 
information to external committees that advise the CFTC on the impact 
and implications of technological innovations on financial services and 
the derivatives markets; (c) to disclose during conferences or other 
events consistent within the purpose of 7 U.S.C. 5(b); (d) To disclose 
to competition judges who may include: staff from other federal 
agencies, or regulatory authorities (state, non-US government, inter-
governmental); business/industry participants; academics; and 
individual experts; (e) To disclose certain competition result 
information to the public; (f) To disclose in any administrative 
proceeding before the Commission, in any injunctive action authorized 
under the Commodity Exchange Act, or in any other action or proceeding 
in which the Commission or its staff participates as a party or the 
Commission participates as amicus curiae; (g) To disclose to Federal, 
State, local, territorial, Tribal, or foreign agencies for use in 
meeting their statutory or regulatory requirements; (h) To disclose to 
any ``registered entity,'' as defined in section 1a of the Commodity 
Exchange Act, 7 U.S.C. 1, et seq. (``the Act''), to the extent 
disclosure is authorized and will assist the registered entity in 
carrying out its responsibilities under the Act. Information may also 
be disclosed to any registered futures association registered under 
section 17 of the Act to assist it in carrying out its self-regulatory 
responsibilities under the Act, and to any national securities exchange 
or national securities association registered with the Securities and 
Exchange Commission to assist those organizations in carrying out their 
self-regulatory responsibilities under the Securities Exchange Act of 
1934, 15 U.S.C. 78a, et seq.; (i) To disclose to anyone during the 
course of a Commission investigation if Commission staff has reason to 
believe that the person to whom it is disclosed may have further 
information about matters relevant to the subject of the investigation; 
(j) To disclose in a public report issued by the Commission following 
an investigation, to the extent that the disclosure is authorized under 
section 8 of the Commodity Exchange Act, 7 U.S.C. 12; (k) To disclose 
to contractors, grantees, volunteers, experts, students, and others 
performing or working on a contract, service, grant, cooperative 
agreement, or job for the Federal government when necessary to 
accomplish an agency function; (l) To disclose to Congress upon its 
request,

[[Page 69603]]

acting within the scope of its jurisdiction, pursuant to the Commodity 
Exchange Act, 7 U.S.C. 1 et seq., and the rules and regulations 
promulgated thereunder; (m) To disclose to appropriate agencies, 
entities, and persons when (1) the Commission suspects or has confirmed 
that there has been a breach of the system of records; (2) the 
Commission has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Commission 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Commission's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm; or (n) To disclose to another Federal agency or Federal entity, 
when the Commission determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The LabCFTC system of records stores records in this system 
electronically or on paper in secure facilities. Electronic records are 
stored on the Commission's secure network and other electronic media as 
needed, such as encrypted hard drives and back-up media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information covered by this system of records notice may be 
retrieved by name, email address, physical address, or other unique 
individual identifiers using a keyword search.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system will be maintained in accordance with the 
External Outreach--Education, Awareness, and Innovation records 
schedule, which requires that records be closed at the end of the 
calendar year and then destroyed seven years after closed. The 
disposition authority number is DAA-0180-2018-0007-0002.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Administrative safeguards include written guidelines on handling 
LabCFTC information. All CFTC personnel are subject to CFTC agency-wide 
procedures for safeguarding personally identifiable information and 
receive annual privacy and security training. Technical security 
measures within CFTC include restrictions on computer access to 
authorized individuals who have a legitimate need to know the 
information; required use of strong passwords that are frequently 
changed; multi-factor authentication for remote access and access to 
many CFTC network components; use of encryption for certain data types 
and transfers; firewalls and intrusion detection applications; and 
regular review of security procedures and best practices to enhance 
security. The technology also has a time-out function that requires 
users to re-access and input information if the time limit expires. 
Physical safeguards include restrictions on building access to 
authorized individuals, 24-hour security guard service, and maintenance 
of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals seeking to determine whether this system of records 
contains information about themselves or seeking access to records 
about themselves in this system of records should address written 
inquiries to the Office of General Counsel, Commodity Futures Trading 
Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 
20581. See 17 CFR 146.3 for full details on what to include in a 
Privacy Act access request.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves 
contained in this system of records should address written inquiries to 
the Office of General Counsel, Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 
17 CFR 146.8 for full details on what to include in a Privacy Act 
amendment request.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves 
contained in this system of records should address written inquiries to 
the Office of General Counsel, Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 
17 CFR 146.3 for full details on what to include in a Privacy Act 
notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    A previous version of this SORN was published in the Federal 
Register on January 2, 2018 at 83 FR 104.

    Issued in Washington, DC, on October 29, 2020, by the 
Commission.
Robert Sidman,
Deputy Secretary of the Commission.
[FR Doc. 2020-24351 Filed 11-2-20; 8:45 am]
BILLING CODE 6351-01-P