With the myriad of rules and regulations, I'm seeking to provide some general guidelines as to what an employee may be allowed to disclose to a customer/consumer when we receive a request via the telephone, internet, fax or letter. This minimal information that I'm interested in disclosing to customers/consumers relates not only to deposit accounts but also to all personal and commerical loan types.

I recognize there are my own institutions privacy policies (which say that we don't disclose information to third parties and affiliates, etc.), and I also recognize there are other considerations such as FCRA, but I'm approaching this from an Identity Theft and Pretext Calling perspective.

I'm interested to know what other financial institutions are saying (assuming the person performing the inquiry has been effectively identified to the best degree possible.)

Is there a resource out there that provides any collective guidance as to what I can disclose/say?