![[Federal Register] Privacy Act Regulations — Money & Markets article](../images/articles/2026-05-07-federal-register-privacy-act-regulations.png "[Federal Register] Privacy Act Regulations")
What they're not telling you: # CFTC Quietly Exempts New Surveillance Program From Privacy Protections The Commodity Futures Trading Commission has created an "Insider Risk Program" and immediately carved out exemptions from federal privacy law that would normally shield individuals from government data collection. The CFTC published notice of this new system, CFTC-59, in the Federal Register, establishing it as an official records repository for the program. But buried in the regulatory language is the agency's simultaneous request to exempt these records from certain Privacy Act provisions—the very safeguards designed to limit what government agencies can do with personal information they collect.
# THE TAKE: CFTC's Insider Risk Theater The CFTC's shiny new "Insider Risk Program" is regulatory kabuki masquerading as vigilance. They're establishing a Privacy Act system of records—code for: we're building surveillance infrastructure and legally inoculating ourselves against disclosure. Here's the con: These programs *always* start narrow. Employee monitoring. Then it metastasizes. The CFTC gains permanent institutional surveillance capacity, justified by the last scandal. Banks already do this. Now the regulator does too. The real tell? They're *classifying* the methodology. Not transparent about what triggers investigation, what data they're hoovering, retention periods. Just "trust us." This isn't about catching crooked traders. It's about normalizing dragnet monitoring of financial sector workers—creating an easily-weaponized apparatus for selective enforcement. The Privacy Act filing is legal cover, not constraint. Regulatory capture doesn't always mean industry wins. Sometimes it means the regulator becomes the industry's enforcement arm.
What the Documents Show
The move followed "guidance contained in Office of Management" materials, according to the filing, suggesting coordination across the federal bureaucracy on how to structure these exemptions. What makes this particularly significant is the timing and approach: rather than seeking privacy protections for a new surveillance system and then justifying exceptions through public comment, the CFTC established the program and the exemptions in parallel filings. This compressed timeline reduces opportunities for public scrutiny or meaningful challenge before the system becomes operational. The Privacy Act typically requires agencies to publish detailed notices about what information they'll collect, how they'll use it, and what protections apply. Exemptions from these disclosure requirements mean the public gets less visibility into the scope of the program.
Follow the Money
The regulatory filing provides minimal detail about what "Insider Risk Program" actually entails—what data it collects, who it targets, or what triggers investigation. This opacity at the inception stage is notable. While insider trading enforcement serves a legitimate purpose, the structure here inverts the usual burden: instead of agencies proving they need exemptions from privacy law, the public must somehow identify and challenge exemptions it wasn't fully informed about. The broader pattern this represents extends beyond a single CFTC program. Federal agencies have increasingly used Privacy Act exemptions to shield emerging surveillance or data-collection systems from standard transparency requirements. When exemptions are established before public awareness builds, reversing them becomes substantially harder.
What Else We Know
The regulatory process, designed to invite public input, functions less effectively when citizens don't know what they're reviewing. For ordinary people, this matters concretely. Anyone working in commodity trading, derivatives markets, or related industries may now have their communications, transactions, or behavior patterns collected under standards with fewer explicit Privacy Act protections than would normally apply. Whether the program functions as intended or drifts into broader monitoring remains harder to verify precisely because the usual transparency mechanisms have been reduced. The exemptions may be perfectly justified—but the public doesn't have enough detail to make that assessment, which itself is the problem the Privacy Act was designed to prevent.
Primary Sources
- Source: Federal Register
- Category: Money & Markets
- Cross-reference independently — don't take our word for it.
Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.