I recently signed up to receive fraud alert emails from an FBA website. The following is one of the emails I received:

"Date: 06/18/02 12:05 PM
Author: (no profile)
Subject: Account Relationship Information

M***e J****s social ***-**-**** date of birth 7/15/** address **** *th St S St Petersburg, FL 33705, looking for current bank accounts and correct address.
(http://www.fbafraudalert.com/Thread.cfm/Index.cfm?CFApp=3&Message_ID=128)"

(Of course there weren't any *'s in the original email!)

Is this compliant with the privacy act? Additionally, are there any prohibitions on Banks supplying info on customers (ie. account closed due to history of kiting)to services that other Banks use to check out prospective new account clients? Thanks!

I have been involved in this discussion before and was always cautioned that there is risk in exchanging this type of NPPI.

The users of these fraud alerts rest on the cite below which generally provides enough comfort considering these go out on those trying to steal from their bank. Does that mean it is enough for you or that you are that certain about the customer, you'll have to answer that.

12 CFR §216.15 Other exceptions to notice and opt out requirements. (a) Exceptions to opt out requirements. The requirements for initial notice in §216.4(a)(2), for the opt out in §§216.7 and 216.10, and for service providers and joint marketing in §216.13 do not apply when you disclose nonpublic personal information:

(2)(i) To protect the confidentiality or security of your records pertaining to the consumer, service, product, or transaction;

(ii) To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;

(iii) For required institutional risk control or for resolving consumer disputes or inquiries;

(iv) To persons holding a legal or beneficial interest relating to the consumer;...

These were also cited in the January Privacy Q&A in the spirit of reducing fraud (I.5. and I.6.)