(a) The requirement under this chapter to place a security alert or security freeze on a consumer file does not apply to:
(1) a check service or fraud prevention service company that issues consumer reports:
(A) to prevent or investigate fraud; or
(B) for purposes of approving or processing negotiable instruments, electronic funds transfers, or similar methods of payment; or
(2) a deposit account information service company that issues consumer reports related to account closures caused by fraud, substantial overdrafts, automated teller machine abuses, or similar negative information regarding a consumer to an inquiring financial institution for use by the financial institution only in reviewing a consumer request for a deposit account with that institution.
(b) The requirement under this chapter to place a security freeze on a consumer file does not apply to a consumer reporting agency that:
(1) acts only to resell credit information by assembling and merging information contained in a database of another consumer reporting agency or multiple consumer reporting agencies; and
(2) does not maintain a permanent database of credit information from which new consumer reports are produced.

(c) Notwithstanding § 20.12, a violation of a requirement under this chapter to place, temporarily lift, or remove a security freeze on a consumer file is not a false, misleading, or deceptive act or practice under Subchapter E, Chapter 17.