Skip to content
LexBuild

Privacy Act of 1974; System of Records 

---
identifier: "/us/fr/2025-21510"
source: "fr"
legal_status: "authoritative_unofficial"
title: "Privacy Act of 1974; System of Records"
title_number: 0
title_name: "Federal Register"
section_number: "2025-21510"
section_name: "Privacy Act of 1974; System of Records"
positive_law: false
currency: "2025-11-28"
last_updated: "2025-11-28"
format_version: "1.1.0"
generator: "[email protected]"
agency: "Commodity Futures Trading Commission"
document_number: "2025-21510"
document_type: "notice"
publication_date: "2025-11-28"
agencies:
  - "Commodity Futures Trading Commission"
fr_citation: "90 FR 54640"
fr_volume: 90
effective_date: "2025-12-29"
comments_close_date: "2025-12-29"
fr_action: "Notice of a modified system of records."
---

#  Privacy Act of 1974; System of Records

**AGENCY:**

Commodity Futures Trading Commission.

**ACTION:**

Notice of a modified system of records.

**SUMMARY:**

In accordance with the Privacy Act of 1974 and in compliance with Executive Order 14249, *Protecting America's Bank Account Against Fraud, Waste, and Abuse,* and Office of Management and Budget Memorandum M-25-32, *Preventing Improper Payments and Protecting Privacy Through Do Not Pay,* the Commodity Futures Trading Commission (CFTC or Commission) is modifying four Privacy Act systems of records by adding a new routine use to permit the disclosure of records to the Department of the Treasury. In addition, in accordance with Office of Management and Budget Memorandum M-17-12, *Preparing for and Responding to a Breach of Personally Identifiable Information,* the CFTC is adding routine uses to three of those systems of records to permit the disclosure of records in response to a breach. These modified systems of records will be included in the CFTC's inventory of record systems.

**DATES:**

These modified systems of records are effective December 29, 2025. Please submit comments on or before December 29, 2025.

**ADDRESSES:**

You may submit comments, identified as pertaining to PA Routine Uses, by any of the following methods:

*CFTC Comments Portal: https://comments.cftc.gov.* Select the “Submit Comments” link for this notice and follow the instructions on the Public Comment Form.

*Mail:* Send to Christopher Kirkpatrick, Secretary of the Commission, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

*Hand Delivery/Courier:* Follow the same instructions as for Mail, above.

Please submit your comments using only one of these methods. To avoid possible delays with mail or in-person deliveries, submissions through the CFTC Comments Portal are encouraged. All comments must be submitted in English, or if not, be accompanied by an English translation. Comments will be posted as received to *https://comments.cftc.gov.* You should submit only information that you wish to make available publicly.

The Commission reserves the right, but shall have no obligation, to review, pre-screen, filter, redact, refuse, or remove any or all of a submission from *https://comments.cftc.gov* that it may deem to be inappropriate for publication, such as obscene language. All submissions that have been redacted or removed that contain comments on the merits of this notice will be retained in the comment file and will be considered as required under all applicable laws and may be accessible under the Freedom of Information Act.

**FOR FURTHER INFORMATION CONTACT:**

Kellie Cosgrove Riley, Chief Privacy Officer, *[email protected],* (202) 418-5610, Office of the General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

**SUPPLEMENTARY INFORMATION:**

In accordance with the Privacy Act of 1974 and in compliance with Executive Order 14249, *Protecting America's Bank Account Against Fraud, Waste, and Abuse* (E.O. 14249), and Office of Management and Budget Memorandum M-25-32, *Preventing Improper Payments and Protecting Privacy Through Do Not Pay* (OMB M-25-32), the Commodity Futures Trading Commission (CFTC or Commission) is modifying four Privacy Act systems of records by adding a new routine use to permit the disclosure of records to the Department of the Treasury to review payments through the Do Not Pay Working System.

A “routine use” means, with respect to the disclosure of a Privacy Act record, the use of such record for a purpose which is compatible with the purpose for which it is collected.” 5 U.S.C. 552a(a)(7). All agency systems of records must have a system of records notice (SORN) published in the *Federal Register* and the SORN must describe “each routine use of the records contained in the system, including the categories of users and the purposes of such use.” 5 U.S.C. 552a(e)(4)(D).

E.O. 14249 promotes financial integrity by enabling the Department of the Treasury to more easily conduct improper payment and fraud prevention screening prior to disbursing funds on behalf of agencies” It requires agencies to review and modify, as applicable, their relevant system of records notices  under the Privacy Act of 1974 to include a “routine use” that allows for the disclosure of records to the Department of the Treasury for the purposes of identifying, preventing, or recouping fraud and improper payments, to the extent permissible by law.

The Office of Management and Budget, in OMB M-25-32, issued guidance concerning the routine use provisions in E.O. 14249. OMB M-25-32 requires agencies, in accordance with the Executive Order, to 1. identify which of their systems of records maintain information about applicants for, or recipients of, Federal funds that agencies use to make eligibility determinations for payments to beneficiaries, award and loan recipients, vendors, contractors, and other payees; 2. determine which of those systems of records maintain information whose disclosure to Treasury would be relevant and necessary for identifying, preventing, or recouping improper payments by reviewing payment and award eligibility through the Do Not Pay Working System; and 3. report to OMB and Congress in accordance with OMB Circular No. A-108 any proposal(s) to add the following routine use to the agency's SORN(s) or to modify an existing routine use in the agency's SORN(s) so that it conforms to the following routine use:

*To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purpose of identifying, preventing, or recouping improper payment to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.*

The Commission has reviewed its SORNs and determined, in accordance with the mandate in E.O. 14249 and the guidance in M-25-32, to modify four of the CFTC SORNs to include the required routine use. These are:

• CFTC-5 Employee Personnel, Payroll, Time and Attendance

• CFTC-6 Employee Travel and Transportation Records

• CFTC-49 Whistleblower Records

• CFTC-51 Contractors and Consultants

In addition to adding the required routine use for disclosure to the Department of the Treasury to the above-referenced SORNs, the Commission has also determined to add two additional routine uses to permit disclosure of records in the context of a breach to three of those SORNs:

• CFTC-5 Employee Personnel, Payroll, Time and Attendance

• CFTC-6 Employee Travel and Transportation Records

• CFTC-49 Whistleblower Records

Office of Management and Budget Memorandum M-17-12, *Preparing for and Responding to a Breach of Personally Identifiable Information,* (OMB M-17-12) sets forth the policy for Federal agencies to prepare for and respond to a breach of personally identifiable information (PII). It established two model routine uses, one permitting the disclosure of information related to breaches of an agency's own records, and the second permitting the disclosure of agency records to assist other agencies in their efforts to respond to a breach. To date, the Commission has been adding these routine uses to individual SORNs when they otherwise require a modification, relying until those updates are in place on the Commission's blanket routine use 19, which closely parallels the first of OMB M-17-12's model routine uses. See 76 FR 5974. To that end, the Commission is deleting the reference to blanket routine use 19 in these three SORNs and including the following routine uses from OMB M-17-12:

*To appropriate agencies, entities, and persons when (1) the Commission suspects or has confirmed that there has been a breach of the system of records, (2) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.*

*To another Federal agency or Federal entity, when the Commission determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.*

Finally, the Commission is making minor administrative edits to the System Location and System Manager sections of all four SORNs to address organizational changes within the Commission since they were last published.

These modified systems of records will be included in the CFTC's inventory of record systems and, in accordance with 5 U.S.C. 552a(r), the CFTC has provided a report of these modified systems of records to the Office of Management and Budget and to Congress.

**CFTC-5**

**SYSTEM NAME AND NUMBER:**

Employee Personnel, Payroll, Time and Attendance, CFTC-5.

**SECURITY CLASSIFICATION:**

Unclassified.

**SYSTEM LOCATION:**

Division of Administration, Human Resources Branch, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581, and at the Commission's payroll processor, Department of Agriculture's National Finance Center, New Orleans, LA.

**SYSTEM MANAGER(S):**

Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

**ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:**

e. To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purpose of identifying, preventing, or recouping improper payment to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.

f. To appropriate agencies, entities, and persons when (1) the Commission suspects or has confirmed that there has been a breach of the system of records, (2) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

g. To another Federal agency or Federal entity, when the Commission  determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

Information in this system may also be disclosed in accordance with blanket routine uses 1-18, available at 76 FR 5974 (Feb. 2, 2011), and on the Commission's website, *https://www.cftc.gov/privacy.*

**HISTORY:**

76 FR 6974 (Feb. 2, 2011), 81 FR 67327 (Sept. 30, 2016)

**CFTC-6**

**SYSTEM NAME AND NUMBER:**

Employee Travel and Transportation Records, CFTC-6.

**SECURITY CLASSIFICATION:**

Unclassified.

**SYSTEM LOCATION:**

Employee travel records are part of the E2 Solutions TAVS system operated by CW Government Travel located in Arlington, VA. Access to these records is through Office of Financial Management, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. The transit subsidy system is located in the Office of Management Operations, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

**SYSTEM MANAGER(S):**

Deputy Director for Accounting and Financial Systems and Network Manager (travel and transportation records) and Director, Office of Management Operations (transit subsidy records), Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

**ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:**

Information in this system may be disclosed in accordance with blanket routine uses numbered 1 through 18 that are published in the *Federal Register* at 76 FR 5974 (Feb. 2, 2011). In addition, information in this system may be disclosed as follows:

a. To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purpose of identifying, preventing, or recouping improper payment to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.

b. To appropriate agencies, entities, and persons when (1) the Commission suspects or has confirmed that there has been a breach of the system of records, (2) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

c. To another Federal agency or Federal entity, when the Commission determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

**HISTORY:**

76 FR 5974 (Feb. 2, 2011)

**CFTC-49**

**SYSTEM NAME AND NUMBER:**

Whistleblower Records, CFTC-49.

**SECURITY CLASSIFICATION:**

Unclassified.

**SYSTEM LOCATION:**

Whistleblower Office, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

**SYSTEM MANAGER(S):**

Senior Attorney Advisor, Whistleblower Office, Office of the General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

**ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:**

Information in this system may be disclosed in accordance with blanket routine uses numbered 1 through 18 that are published in the *Federal Register* at 76 FR 5974 (Feb. 2, 2011). In addition, information in this system may be disclosed as follows:

a. To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purpose of identifying, preventing, or recouping improper payment to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.

b. To appropriate agencies, entities, and persons when (1) the Commission suspects or has confirmed that there has been a breach of the system of records, (2) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

c. To another Federal agency or Federal entity, when the Commission determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

**HISTORY:**

77 FR 41378 (July 13, 2012)

**CFTC-51**

**SYSTEM NAME AND NUMBER:**

Contractors and Consultants, CFTC-51.

**SECURITY CLASSIFICATION:**

Unclassified.

**SYSTEM LOCATION:**

Division of Administration, Business and Operations Branch, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 2058, and the Department of Transportation Enterprise Service Center, Oklahoma City, Oklahoma.

**SYSTEM MANAGER(S):**

Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

**ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:**

f. To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purpose of identifying, preventing, or recouping improper payment to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state-administered, federally funded program.

**HISTORY:**

83 FR 5997 (Feb. 12, 2018).

Issued in Washington, DC, on November 25, 2025, by the Commission.

Robert Sidman,

Deputy Secretary of the Commission.