Follow Us:
Print // Bookmark

Appendix 7 – Privacy Policy for the CFTC Web Site

Table of Contents >

Web Site Privacy Policy

The privacy of visitors to the CFTC Web site is of the utmost importance to the Commission. You are not required to give us any personal information to visit our Web site. While we automatically collect certain data for statistical purposes, that data does not include your name, mailing or email address.

Information Collected and Stored Automatically

If you visit the CFTC Web site to read or download information, such as press releases or publications, we will collect and store certain technical information about your visit. We do not collect your name, email, mailing address or similar identifying information. We only collect the following:

We use this information to measure the number of visitors to the different sections of the CFTC Web site, assess system performance and to help us make the Web site more useful to our visitors. In the event of a computer security incident, such data may be manually analyzed to allow computer security specialists to identify Internet service providers and, in extreme cases, to attempt to identify the specific computer and individual involved in an attack on the CFTC's site. The information below on "Intrusion Detection Monitoring" further explains this.


The information being collected automatically, as explained above, is collected through the use of "session cookies" set through Google Analytics. "Session cookies" are small bits of text placed on a user's hard drive for the duration of a web session, i.e., for as long as your browser is accessing the CFTC Web site at one time. As soon as you close the CFTC Web site, the cookie expires.

The CFTC does not use "persistent cookies," which are small bits of text saved on a user's hard drive in order to identify that user, or information about that user, the next time the user logs on the a Web  site. However, for some videos that are visible on or available on YouTube, a "persistent cookie" may be set by the third party providers when you click to play the video.

If You Choose to Send Us Personal Information

You may choose to send us information which personally identifies you. For example, you may  complete an on-line form, send a complaint concerning a regulated person or entity, report suspicious activity, send a comment or input on a proposed rule, or email the CFTC through the Web site. Such information is used to respond to your request and to help us get you the information you have requested. We also use the information for the specific purposes identified on each form or on the web page requesting information.

For example, if you send us a comment letter on a proposed rule, that letter becomes part of the CFTC’s comment file and generally is available to the public. The comments help the CFTC and other members of the public evaluate proposed Commission actions. If you register on and submit large trader data through the Position Entry for Reportable Traders application (PERT Online), this data will be used by the Commission for market oversight, e.g., oversight of trader activities and enforcement of speculative position limits.

You may submit other forms to us, such as Freedom of Information Act requests or requests for correction of information.  Such forms may contain information that CFTC staff use to track and respond to your request. Information you provide to the CFTC Division of Enforcement on our Report Suspicious Activities or Information form may be shared with other law enforcement or other Federal agencies when appropriate.

Sharing of Your Information

The personal information you choose to provide to us will be shared with CFTC employees and contractors who need to know the information in the course of their official duties. Such employees and contractors are subject to confidentiality restrictions to protect your personal information. The information may also be shared by the CFTC with third parties to advance the purpose for which you provide the information, including other federal or state government agencies. For example, if you report suspicious activity that suggests a violation of the Commodity Exchange Act, the information you have provided may be shared with other Federal or state authorities. In this situation, the primary use of your personally identifiable information would be to enable the government to contact you in the event we have questions regarding the information you have reported.

Under certain circumstances, the CFTC may be required by law to disclose information you submit to other authorities for official purposes, for example, to respond to a Congressional inquiry or subpoena.

When you choose to send e-mail to the CFTC, you are consenting to the CFTC using the information provided therein, including personally identifiable information, in accordance with this notice, unless you expressly state in the email your objection to any use.

Linking to Other Web sites

We provide links to Federal and non-Federal Web sites if we think they may be useful to our visitors or necessary for the performance of agency functions. This includes commercial Web sites such as Facebook, Twitter, Flickr and YouTube.

When you follow a link to a non-CFTC Web site, you will first be directed to a web page that reminds you that you are leaving and that the Web site you are about to visit is not endorsed by the CFTC. These other Web sites are not within the CFTC’s control. The CFTC does not guarantee the accuracy or completeness of any information on these sites. Be aware that the privacy protection provided to you on may not be available at the external link. Once you link to another site, you are subject to the policies of that site.

Use of Social Media Sites

The CFTC uses Twitter, Facebook, Flickr, YouTube and other Social Media Sites as additional ways to provide information to the public and fulfill its mission of protecting market participants and the commodity and futures markets from fraud, manipulation and abusive practices. Flickr and YouTube allow the CFTC to post pictures and videos that may be of interest to the public. Facebook allows the Commission to reach out to a different audience, those who may not seek out Twitter allows us to post microblogs known as "tweets," i.e., text-based posts of up to 140 characters. The tweets allow our Office of Public Affairs to quickly notify reporters, the public and other "followers" of a new press release, upcoming event or other information of interest.

Using these media, the CFTC will only collect, maintain, or disseminate personally identifiable information (PII) found on Social Media Sites (SMS) in two situations.

One, for Public Affairs purposes, comments about the CFTC on SMS pages may be reviewed internally, and for newsworthy posts, included in internally-circulated daily news clips with the author's name and affiliated organization if publicly-available. Two, for enforcement purposes, when necessary for an investigation or enforcement proceedings (such as suspected violations of the Commodity Exchange Act or a threat of violence against the Commission), information obtained from the Internet may be collected and preserved. The information collected is offered to the Commission with consent or is from publicly-available sources on the Internet, except that in limited enforcement situations, when other investigative avenues are limited, a specifically approved Commission staff member may act as a member of the public by using a username and profile not affiliated with the CFTC to seek information about business opportunities that may violate the Act, simulating the day-to-day customer experience.

Information collected for investigative purposes and to which the Privacy Act of 1974 applies is maintained in the Commission's investigatory or enforcement system of records. See CFTC System of Record Notice (SORN) CFTC-10, Investigatory Records (Exempted), and CFTC-16, Enforcement Case Files, at Federal Register, 76 Fed. Reg. 5973-6002 (2011), as may be amended. To minimize privacy risks in this situation, a structured process is followed, very limited PII collected, only CFTC Internet users with a legitimate business "need to know" have access to this information, CFTC users have received specific training concerning the sensitivity of this type of information, and the CFTC provides public notice through this privacy policy, a Privacy Impact Assessment, and when feasible, a privacy notice on certain specific social media sites. See, e.g., Internet and Social Media Use Privacy Impact Assessment for details.


Personal information collected and maintained by the CFTC are protected from unauthorized access and misuse through comprehensive administrative, technical and physical security measures. Administrative measures include a privacy governance structure, mandatory annual privacy and security training for all CFTC employees, internal policies and controls over data handling practices, and regular auditing of systems. Technical security measures within CFTC include restrictions on computer access to authorized individuals, required use of strong passwords that are frequently changed, use of encryption for certain data types and transfers, and regular review of security procedures and best practices to enhance security. Physical measures include restrictions on building access to authorized individuals only and maintaining records in lockable offices and filing cabinets.

Intrusion Detection Monitoring

The CFTC uses software programs to monitor this Web site for security purposes to ensure it remains available to all users and to protect information in the system.  By accessing this Web site, you are expressly consenting to these monitoring activities. Unauthorized attempts to defeat or circumvent security features; to use the system for other than intended purposes; to deny service to authorized users; to access, obtain, alter, damage, or to destroy information; or otherwise to interfere with the system or its operation are prohibited. Evidence of such acts may be disclosed to law enforcement authorities and result in criminal prosecution under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996, 18 USC 1030, or other applicable criminal laws. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits.

Other Privacy Information: Systems of Records Notices and Privacy Impact Assessments

The CFTC regularly publishes information in the Federal Register on its systems of records maintained under the Privacy Act of 1974. See CFTC Privacy Act Systems of Records Notices.

Questions About Privacy

If you have questions about CFTC's privacy policy and information practices, you can email us at, or contact:

Chief Privacy Officer
Commodity Futures Trading Commission
1155 21st St., N.W.
Washington DC 20581
Phone: 202-418-5000
Fax: 202-418-5532


< Previous Page | Table of Contents | Next Page >