Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act, allowed consolidation of financial companies, and also governs the collection and disclosure of customers’ personal financial information by financial institutions.
GLBA requires financial institutions to develop and document an information security plan that addresses how the organization protects clients’ personal information.
This plan must include:
- Developing a program to secure the information with corresponding safeguards.
- Developing a program against social engineering attacks, phishing and others.
- Appointing at least one employee to manage the safeguards.
- Analyzing and documenting risks for handling of nonpublic information..
- Monitoring, testing, and changing the safeguards as needed.
Who does it apply to?
GLBA applies to all companies who receive personal financial information, regardless of their primary business and industry. That includes banking, mortgage, investment, securities companies, but also reporting agencies, appraisers, and mortgage brokers.
All financial institutions need to design, implement, and maintain safeguards to protect customer information.
Compliance is mandatory and enforced by the Federal Trade Commission (FTC).
How can GoldSky support you with your GLBA compliance needs?
- GoldSky can develop the security and privacy program to comply with the GLB Act.
- GoldSky can assess the existing program and identify potential gaps, recommend and implement improvements.
- GoldSky can develop and maintain risk management documentation.
- GoldSky can help you to continuously monitor and test the safeguards in place and change as needed.
- GoldSky can develop a program against social engineering attacks, including technical safeguards and information security awareness training for employees.
Our GoldSky Security resources in Orlando, Denver, Nashville, Tampa & Phoenix can help support your GLBA compliance requirements. Please reach out to [email protected] for a free consultation.