According to a statement issued by CFTC Commissioner Dawn Stump, the initiative was introduced to improve the CFTC's approach to protection of the data it receives. With step one complete, the CFTC will now consider the use-case for collecting each data set by comparing the sensitivity of the information to its regulatory value. If the CFTC determines that there is a "demonstrable use-case" for collecting a particular data set, the agency will then:
review the data collection process and consider alternative modes of access for sensitive data;
evaluate security safeguards and internal controls, storage procedures, encryption formatting, permission access and usage tracking;
examine agency response to a security breach; and
assess how the agency stores sensitive data and update data destruction policies, as necessary.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.