Bill SponsorBILLSPONSOR
Bill Sponsor
Politicians
Bills
House Bill 4772
116th Congress(2019-2020)
CFTC Cybersecurity and Data Protection Enhancement Act
Introduced
Introduced
Introduced in House on Oct 21, 2019
Overview
Text
Introduced in House 
Oct 21, 2019
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in House(Oct 21, 2019)
Oct 21, 2019
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
H. R. 4772 (Introduced-in-House)


116th CONGRESS
1st Session
H. R. 4772


To provide for the protection of proprietary information provided to the Commodity Futures Trading Commission, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES

October 21, 2019

Mr. Rodney Davis of Illinois introduced the following bill; which was referred to the Committee on Agriculture

A BILL

To provide for the protection of proprietary information provided to the Commodity Futures Trading Commission, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “CFTC Cybersecurity and Data Protection Enhancement Act”.

SEC. 2. Protection of proprietary information by the Commodity Futures Trading Commission.

Section 8(a) of the Commodity Exchange Act (7 U.S.C. 12(a)) is amended—

(1) in the first proviso of paragraph (1), by striking “customers:” and inserting “customers, or disclose the proprietary information of any person:”; and

(2) by adding at the end the following:

“(4) Treatment of proprietary information.—

“(A) WRITTEN REQUEST; AGREEMENT.—Except as provided in subparagraph (B), the Commission shall not examine, receive, obtain, or otherwise access the proprietary information of any person subject to this Act, unless—

“(i) the Commission has transmitted to the person a written request for the information, which details—

“(I) the records sought by the Commission;

“(II) a reasonable schedule to fulfill the request;

“(III) the method proposed for the Commission to be provided with access to the records;

“(IV) any reasonable requirements for data structures or file formats of the records; and

“(V) an explanation of the purpose of the request; and

“(ii) the person has agreed to the request.

“(B) EXCEPTIONS.—Subparagraph (A) shall not apply with respect to proprietary information of a person if—

“(i) the person has been served with a subpoena compelling the person to provide the Commission with access to the information;

“(ii) the information is otherwise required by or under this Act to be disclosed to the Commission;

“(iii) the information was received from a whistleblower pursuant to section 23;

“(iv) the information was lawfully obtained from a foreign or domestic authority in connection with a confidential investigation by the Commission; or

“(v) the person has agreed to provide the Commission with access to the information.

“(C) OBLIGATIONS OF THE RECIPIENT.—

“(i) ACKNOWLEDGEMENT OF RECEIPT OF REQUEST.—Within 3 business days after a person receives a request made in accordance with subparagraph (A) or a subsequent communication from the Commission in relation to the request, the person shall acknowledge to the Commission that the recipient has received the request or communication.

“(ii) RESPONSE TO REQUEST.—Within 10 business days after a person receives such a request or communication, the person shall respond to the request or communication in accordance with subparagraph (D).

“(iii) RETENTION OF REQUESTED RECORDS.—A person who receives such a request shall retain all records identified in the request until the request or any subpoena for the records has been resolved.

“(D) RESPONSE OPTIONS OF THE RECIPIENT.—A person who receives such a request shall—

“(i) agree to, and comply with, the request;

“(ii) request the Commission to provide additional information regarding the request;

“(iii) request the Commission modify any aspect of the request;

“(iv) seek a review of any aspect of the request by the Commission or a division director to whom the authority to conduct such a review has been delegated; or

“(v) refuse the request.

“(5) Establishment of rules for safeguarding information provided to the Commission.—

“(A) IN GENERAL.—The Commission shall prescribe rules regarding—

“(i) the retention of information provided to the Commission under this Act, including—

“(I) the manner of retention;

“(II) the duration of retention, which shall ensure that information is retained for only so long as is necessary to carry out this Act or other Federal law; and

“(III) the process for the return or destruction of the information, as appropriate; and

“(ii) access to information provided to the Commission under this Act, including—

“(I) limitations on access to relevant, essential individuals; and

“(II) additional limitations on disclosure by the individuals, including after leaving a position at the Commission.

“(B) INCORPORATION OF BEST PRACTICES.—The rules shall incorporate best practices regarding—

“(i) data collection;

“(ii) data access;

“(iii) data retention;

“(iv) physical security; and

“(v) information security and data protection, including cybersecurity.

“(6) Proprietary information defined.—In this subsection, the term ‘proprietary information’ means sensitive, non-public information of a person, including—

“(A) trading strategies;

“(B) analytical or research methodologies;

“(C) trading activity in asset classes and not subject to this Act;

“(D) physical and cyber vulnerabilities; and

“(E) computer hardware or software containing intellectual property.”.