No. 83 
Monday April 30, 2001	Page A-10 
	ISSN 1523-567X
	Regulation, Law & Economics
	
	PrivacyNew CFTC Rules Set Regime for Disclosing
Privacy Rules to Clients of Financial Entities

The Commodity Futures Trading Commission April 27 released new rules 
establishing guidelines as to how futures commission merchants, commodity 
trading advisors, and other similar financial institutions must inform 
customers of their privacy rights. 
The new rules, which are scheduled to go into effect June 21, will require 
FCMs and CTAs, as well as commodity pool operators and introducing brokers, 
to establish written guidelines informing their clients as to what type of 
information can be disclosed to various third-parties, the CFTC said in a 
Federal Register notice. The rules also provide that such an entity inform 
its clients how to opt out of such data sharing. 

Continuing Relationship

The entities will now be expected to provide the privacy guidelines at a time 
"not later than the time it establishes a customer relationship" with the 
client, and at least once a year thereafter. 
The CFTC said it defines the beginning of such a period to be when the 
institution and customer "enter into a continuing relationship," most likely 
the time when the two enter into a contract. For customers in which no such 
relationship has been established, the institution must provide notice of its 
privacy policies before it releases personal information to a nonaffiliated 
third party, the CFTC said. 
In the notices, the institutions must inform customers about the category of 
information it may collect as well as what it may disclose, the CFTC said. A 
firm, for example, must tell clients that it can collect information 
contained in their applications, credit reports, and transaction reports. 
The firm must also state that it may disclose data pertaining to assets, 
income and investment goals, personal-identifying information (name, address, 
and Social Security number), account activity and balances, and credit 
histories. 
To minimize crossover, the CFTC said it would allow firms that are also 
registered with the Securities and Exchange Commission or with a state 
securities regulator to abide by either the SEC or Federal Trade Commission's 
privacy rules 

No Safe Harbor

The commission initially was not obliged to set out such rules, which became 
mandatory for other agencies as part of the Gramm-Leach-Bliley Act of 1999. 
Congress put the CFTC under the same rules in December, however, as part of 
the Commodity Futures Modernization Act of 2000. 
The commission said it decided not to exempt or create a safe harbor for 
unregistered CTAs and CPOs, despite some lobbying from industry. The CFTC did 
agree not to hold foreign unregistered entities to the rules, saying it would 
be "impracticable" to do so. 


Copyright , 2001 by The Bureau of National Affairs, Inc., Washington D.C.