CFTC concludes first part of Data Protection Initiative

The initiative is designed to help the commission enhance its internal data protection measures. The first part of the project, called the “scope” exercise, involved updating the inventory of all the data inflows reported to the agency. This data catalogue includes the type of entity serving as the data submitter, category of data reported, primary CFTC data user, technology or interface by which it is collected, whether the collection is ad-hoc or recurring, and the frequency of submission. “Cybersecurity is one of the most significant risks to the safety and soundness of the global financial system. The completion of an updated Data Catalogue is a key step in supporting the best data protection approach possible,” CFTC Chairman J. Christopher Giancarlo said. “I was pleased when Commissioner Stump identified this challenge early on in her time at the CFTC and the agency readily provided resources to augment her leadership on this issue. I wish her the best of luck as she continues on this path to minimize the agency’s cyber risk profile.” This is the first of five parts of the Data Protection Initiative. “We must identify the various use-cases of each data stream and consider the sensitivity of the data collection in light of the regulatory value. Then consideration should be given as to whether its collection should continue by comparing the sensitivity of information to its value to the Commission,” Stump said.