The CFTC Proprietary Information Act of 2026 mandates that the CFTC establish formal rules and safeguards to protect the confidentiality and secure handling of proprietary information obtained by the Commission.
David Rouzer
Representative
NC-7
The CFTC Proprietary Information Act of 2026 mandates that the Commodity Futures Trading Commission establish formal rules to protect the confidentiality of proprietary information it collects. The bill requires the implementation of strict internal safeguards, restricted access protocols, and rigorous standards for sharing sensitive data with other government entities.
CFTC Proprietary Information Act of 2026 Mandates New Data Safeguards for Sensitive Financial Information
The CFTC Proprietary Information Act of 2026 forces the Commodity Futures Trading Commission (CFTC) to get serious about its filing cabinet. This bill amends Section 8 of the Commodity Exchange Act to require the agency to create formal, public-facing rules for how it handles proprietary information—the kind of sensitive trade secrets and internal data companies hand over during investigations or routine oversight. While the government has always collected this data, this bill moves the goalposts by requiring a standardized system of safeguards, sensitivity levels, and access limits that the agency must develop through a public notice and comment period.
Locking the Digital Vault
Under the new requirements in Section 2, the CFTC can’t just wing it when they ask for a company’s secret sauce. They must establish specific policies that scale security based on how sensitive the information is. Think of it like a tiered security clearance: a routine report might be accessible to more people, while a proprietary trading algorithm would be locked down to only 'appropriate staff.' For a coder at a fintech startup or a compliance officer at a local grain elevator, this means more certainty that their employer’s intellectual property isn't sitting on an unsecured server or being viewed by someone who doesn't need to see it. However, the bill leaves the definition of 'appropriate staff' up to the CFTC’s discretion, which is a detail worth watching as the rules are written.
The 'Pinky Swear' for Data Sharing
One of the biggest shifts involves how the CFTC plays with others. Currently, if one government agency asks another for data, it often moves behind the scenes. This bill mandates that if the CFTC shares proprietary info with another government entity, they must first get 'assurances' that the receiving agency has the same level of protection. It’s essentially a legal 'you touch it, you bought it' rule for data security. If the Department of Justice or another regulator wants to see sensitive files, they have to prove they can keep a secret just as well as the CFTC can. This creates a chain of custody for data that aims to prevent leaks as information moves through the federal bureaucracy.
Real-World Stakes and Red Tape
For the average person, this bill is about preventing the kind of data leaks that can tank a company’s stock or give competitors an unfair edge. If you work for a firm that trades commodities—anything from oil to orange juice—your company’s competitive advantage often lies in its private data. By formalizing these protections, the bill tries to ensure that government oversight doesn't accidentally become industrial espionage. The challenge, however, lies in the implementation. With a 'Medium' vagueness level, there is a risk that the 'assurances' process between agencies could become a bureaucratic bottleneck, slowing down important investigations while lawyers argue over whether a different agency’s firewall is 'equivalent' to the CFTC’s.