GLBA Compliance

The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act, allowed the consolidation of financial companies and governs the collection and disclosure of customers’ personal financial information by financial institutions.

GLBA requires financial institutions to develop and document an information security plan that addresses how the organization protects clients’ personal information.

This plan must include:

  • Developing a program to secure the information with corresponding safeguards.
    • Developing a program against social engineering attacks, phishing and others.
  • Appointing at least one employee to manage the safeguards.
  • Analyzing and documenting risks in the handling of nonpublic information.
  • Monitoring, testing, and changing the safeguards as needed.

Additionally, to protect financial privacy, each consumer must be provided with a privacy notice when the relationship is established, annually thereafter, and on every privacy policy change, allowing the consumer to opt out.

Who does it apply to?

GLBA applies to all companies that receive personal financial information, regardless of their primary business and industry. This includes banking, mortgage, investment, and securities companies, as well as reporting agencies, appraisers, and mortgage brokers.

All financial institutions need to design, implement, and maintain safeguards to protect customer information.

Compliance is mandatory and enforced by the Federal Trade Commission (FTC).

How can GoldSky support you with your GLBA compliance needs?
  • GoldSky can develop the security and privacy program to comply with the GLB Act.
    • GoldSky can assess the existing program and identify potential gaps, recommend and implement improvements.
  • GoldSky can develop and maintain risk management documentation.
  • GoldSky can help you continuously monitor and test the safeguards in place and change them as needed.
  • GoldSky can develop a program against social engineering attacks, including technical safeguards and information security awareness training for employees.

Our GoldSky Security resources in Orlando, Denver, Nashville, Tampa & Phoenix can help support your GLBA compliance requirements. Please reach out for a free consultation.

“We could not be more pleased with our partnership with GoldSky Security. The experience and professionalism from your team has exceeded our expectations from day one. Your team was on-site within a week of our initial call. We appreciate the responsiveness and expertise you provided in performing our NIST 800-171 Gap Assessment and now CSOaaS program. Having an On-Demand CSO partner to assist us in building a sound cybersecurity program while maintaining NIST 800-171 compliance has proven to be both efficient and cost-effective. Thanks!”

Ed Gillcrist
Founder, The Shackleton Group

