113 STAT. 1446 PUBLIC LAW 106-102—NOV. 12, 1999 Subtitle B—Fraudulent Access to Financial Information 15 USC 6821. SEC. 521. PRIVACY PROTECTION FOR CUSTOMER INFORMATION OF FINANCIAL INSTITUTIONS. (a) PROHIBITION ON OBTAINING CUSTOMER INFORMATION BY FALSE PRETENSES.— It shall be a violation of this subtitle for any person to obtain or attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed to any person, customer information of a financial institution relating to another person— (1) by making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a financial institution; (2) by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution; or (3) by providing any document to an officer, employee, or agent of a financial institution, knowing that the document is forged, counterfeit, lost, or stolen, was fraudulently obtained, or contains a false, fictitious, or fraudulent statement or representation. (b) PROHIBITION ON SOLICITATION OF A PERSON TO OBTAIN CUSTOMER INFORMATION FROM FINANCIAL INSTITUTION UNDER FALSE PRETENSES.—It shall be a violation of this subtitle to request a person to obtain customer information of a financial institution, knowing that the person will obtain, or attempt to obtain, the information from the institution in any manner described in subsection (a). (c) NONAPPLICABILITY TO LAW ENFORCEMENT AGENCIES.— No provision of this section shall be construed so as to prevent any action by a law enforcement agency, or any officer, employee, or agent of such agency, to obtain customer information of a financial institution in connection with the performance of the official duties of the agency. (d) NONAPPLICABILITY TO FINANCIAL INSTITUTIONS IN CERTAIN CASES.— No provision of this section shall be construed so as to prevent any financial institution, or any officer, employee, or agent of a financial institution, from obtaining customer information of such financial institution in the course of— (1) testing the security procedures or systems of such institution for maintaining the confidentiality of customer information; (2) investigating allegations of misconduct or negligence on the part of any officer, employee, or agent of the financial institution; or (3) recovering customer information of the financial institution which was obtained or received by another person in any manner described in subsection (a) or (b). (e) NONAPPLICABILITY TO INSURANCE INSTITUTIONS FOR INVES- TIGATION OF INSURANCE FRAUD. —No provision of this section shall be construed so as to prevent any insurance institution, or any officer, employee, or agency of an insurance institution, from obtaining information as part of an insurance investigation into criminal activity, fraud, material misrepresentation, or material nondisclosure that is authorized for such institution under State law, regulation, interpretation, or order.
�
