Delivering expert cyber security solutions to small and medium-sized businesses


The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act, allowed the consolidation of financial companies and governs the collection and disclosure of customers’ personal financial information by financial institutions.

GLBA requires financial institutions to develop and document an information security plan that addresses how the organization protects clients’ personal information.

This plan must include:

  • Developing a program to secure the information with corresponding safeguards.
    • Developing a program against social engineering attacks, phishing and others.
  • Appointing at least one employee to manage the safeguards.
  • Analyzing and documenting risks in the handling of nonpublic information.
  • Monitoring, testing, and changing the safeguards as needed.

Additionally, to protect financial privacy, each consumer has to be provided with a privacy notice at the time the relationship is established, then annually, and on every privacy policy change, allowing the consumer to opt out.

Who does it apply to?

GLBA applies to all companies that receive personal financial information, regardless of their primary business and industry. That includes banking, mortgage, investment, and securities companies, as well as reporting agencies, appraisers, and mortgage brokers.

All financial institutions need to design, implement, and maintain safeguards to protect customer information.

Compliance is mandatory and enforced by the Federal Trade Commission (FTC).

How can GoldSky support you with your GLBA compliance needs?
  • GoldSky can develop the security and privacy program to comply with the GLB Act.
    • GoldSky can assess the existing program, identify potential gaps, and recommend and implement improvements.
  • GoldSky can develop and maintain risk management documentation.
  • GoldSky can help you continuously monitor and test the safeguards in place and change them as needed.
  • GoldSky can develop a program against social engineering attacks, including technical safeguards and information security awareness training for employees.

Our GoldSky Security resources in Orlando, Denver, Nashville, Tampa & Phoenix can help support your GLBA compliance requirements. Please reach out to [email protected] for a free consultation.


“We are grateful to have GoldSky as our IT security and compliance partner in the SMB marketplace. Thank you for the expertise you provided in performing our annual Security Risk Assessment and HIPAA Compliance Review. You all are incredibly smart and ahead of the game when it comes to assessing a company and providing affordable and efficient IT security and technology solutions!”

Timothy B. Caldwell, AIF®
Senior Sales Consultant, Pension Investors Corporation of Orlando