Yes. While the Gramm-Leach-Bliley Act (GLBA) protects the privacy of consumers' financial information and has restrictions on when financial institutions may disclose consumers' personal financial information to nonaffiliated third parties, [i] the GLBA also provides exceptions under which financial institutions may share consumer information with a nonaffiliated third party. [ii]

Recognizing that there are certain instances where the protection of consumer privacy is outweighed by risk control, the GLBA provides that the privacy requirements for initial notice, opt out, and for service providers and joint marketing do not apply when a financial institution discloses nonpublic personal information "to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liabilities." [iii]

Indeed, it is precisely this threat of fraud and unauthorized transactions-and the GLBA's attendant authorization of the disclosure of consumer information-that Fraud-Net seeks to protect.

Yes. Proscribing the use of consumer reports, the Fair Credit Reporting Act (FCRA) only allows the communication of consumer credit information for certain limited purposes including establishing consumer eligibility for credit, insurance, employment and by court order. [iv]

Fraud-Net is designed for financial institutions to notify other members of fraudulent activities that affect financial institutions-not for credit eligibility. Indeed, the End User License Agreement (EULA), [v] to which all users of Fraud-Net must agree, states that Fraud-Net "is not intended to be and shall not be used as a credit or check verification service…. [End users] will not use or allow others to use information posted to establish creditworthiness of a consumer or eligibility of a consumer for employment, insurance or other purposes related to the transaction of normal business."

Precautions must be taken at each institution to ensure that Fraud-Net is used as intended and to avoid the application of the FCRA. Fraud-Net must not be used before opening new accounts, [vi] establishing eligibility for credit or insurance, or for employment purposes. Fraud-Net is to be used solely to report fraudulent activities that affect financial institutions.

No. Passed in response to the terrorist attacks of September 11, 2001 , the policy directive of the USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) generally, and section 314 in particular, is to encourage law enforcement and financial institutions to share information in order to guard against money laundering and terrorist financing. [vii]

The USA PATRIOT Act does not apply to Fraud-Net because the web site is designed for sharing information about fraud, not terrorist financing or money laundering. Nevertheless, the information required to be reported to FinCEN in response to an information request under section 314 falls under yet another GLBA exception: information required to be reported under federal law. [viii]

Yes. Although there is some liability risk inherent in publishing suspected criminal activity and personal information about individuals on the Internet, financial institutions should enjoy a state common law qualified privilege from tort liability as long as: (1) the communication is made in good faith; (2) on a subject matter in which the author has an interest or has a duty to perform (recall the GLBA exception regarding fraud); (3) to another person having a corresponding interest (i.e., law enforcement and other financial institutions protecting against fraud). [ix]

Financial institutions asserting the affirmative defense of qualified privilege will be able to preclude liability for defamation claims unless the communication was made with knowledge that it was false, or with reckless disregard for the truth. [x] Therefore, financial institutions should take some investigative steps into the truth of fraudulent activity before posting such information on Fraud-Net. [xi]

No. The Children's Online Privacy Protection Act applies to web sites directed to children under the age of 13 that collect personal information from children under the age of 13. [xii] When a website is directed to children under the age of 13 certain privacy notices and disclosures are required.

Although children, especially children under the age of 13, are not an audience to which Fraud-Net is directed, financial institutions and law enforcement officials, out of an abundance of caution, should not post any information on Fraud-Net about or related to persons under the age of 18.

Yes. Financial institutions should develop procedures and guidelines to help ensure that information posted on Fraud-Net is accurate.

Developing in-house guidelines for postings should achieve two goals. One, guidelines will increase the likelihood that Fraud-Net postings will be true and accurate. Two, guidelines should serve as evidence that the financial institution took precautions and exhibited care to ensure the accuracy of its postings should a lawsuit arise.

A good starting place for developing internal guidelines is the Fraud-Net End User License Agreement. Poured over by attorneys across several states, the EULA outlines the dos and don'ts with regard to posting information on Fraud-Net.