On February 26, the Division of Swap Dealer and Intermediary Oversight (DSIO) of the Commodity Futures Trading Commission issued Advisory 14-21 to provide futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, swap dealers and major swap participants (covered entities) with best practices for complying with Title V of the Gramm-Leach-Bliley Act and Part 160 of the CFTC’s regulations protecting privacy of customer financial information. For these purposes, CFTC regulations define a “customer” to mean an individual that obtains a financial product or service from the covered entity that is to be used primarily for “personal, family or household purposes,” which includes obtaining brokerage or advisory services. Part 160 of the CFTC’s regulations requires, among other things, that covered entities adopt policies and procedures to address administrative, technical and physical safeguards for the protection of customer records and information. The Advisory recommends several best practices that, in the view of DSIO, should be incorporated in a covered entity’s written information security and privacy program. 

CFTC Advisory No. 14-21 is available here.