Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

CFTC adopts NIST Privacy Framework

Privacy/Cyber Risk & Data Security NIST CFTC Risk Management

Privacy, Cyber Risk & Data Security

On January 28, the CFTC announced that it has adopted the National Institute of Standards and Technology (NIST) Privacy Framework, making it the first federal agency to do so. The September NIST release of a preliminary draft of the framework described it as “[a] Tool for Improving Privacy through Enterprise Risk Management,” covered by InfoBytes here. Among other things, the privacy framework, which advances guidance to mitigate cybersecurity risk, describes processes to mitigate risks associated with data processing and privacy breaches and to assess current privacy risk management measures. According to the announcement, the CFTC will utilize the framework to “better manage and communicate privacy risk throughout the agency,” making them a leader in the data privacy protection arena.