TaxDome wins Comprehensive Firm Workflow Solutions — CPA Practice Advisor Readers’ Choice Awards 2024. Read more

🔥 Join in-depth webinars to get up to speed on automations, invoicing and team collaboration. Learn more

Gramm-Leach-Bliley Compliance

Financial institutions — companies that offer consumers financial services such as financial or investment advice must comply with The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernisation Act of 1999.

One of the purposes of GLBA was to require companies to explain their information-sharing practices to their customers and to safeguard sensitive data.

GLBA requirements

Many accounting firms may not realise they are required to comply with the GLBA because they associate it only with large banks or financial institutions. However, the GLBA is applicable to accounting firms as well, regardless of size.

Accounting firms must comply with these three objectives:

  1. Ensure the security and confidentiality of their client’s information.
  2. Protect against any anticipated threats or hazards to the security or integrity of such information.
  3. Protect against unauthorised access to or use of such information that could result in substantial harm or inconvenience to any client.

Penalties for non-compliance

GLBA includes severe civil and criminal penalties for noncompliance. Civil penalties include fines up to $100,000 for each violation, and key officers may be fined up to $10,000 per violation.

How TaxDome protects you

TaxDome offers the most secure Client Portal available on the market. Your data and your clients’ data is protected. You don’t have to take our word for it — we are the only tax practice management system that has passed both Intuit and Google security review. Each review consisted of penetration testing, deployment review, and a policy and procedure review, took months of work to complete and cost between $15,000 and $75,000 (see Google security assessment).

What does the Google security assessment include?

The process tests for application vulnerabilities across four key areas:

  • External Network Penetration Testing identifies potential vulnerabilities in external, internet-facing infrastructure systems.
  • Application Penetration Testing identifies potential vulnerabilities in applications that access user data.
  • Deployment Review identifies exploits and vulnerabilities in developer infrastructure.
  • Policy and Procedure Review examines the efficacy of information security policies and procedures.

For more precise details about the assessment, please see Google Security Assessment.

More information



Last updated November 8, 2023