On September 22, 2015, the SEC announced that R.T. Jones Capital Equities Management, an investment adviser, agreed to settle charges regarding its failure to follow guidelines for cybersecurity policies and procedures, which resulted in a breach which compromised the personally identifiable information of approximately 100,000 individuals. Federal securities laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. The SEC investigation found that R.T. Jones Capital Equities Management violated this "safeguards rule" for approximately four years before the breach by failing to adopt any written policies and procedures to ensure the security and confidentiality of personally identifiable information. The SEC's order found that R.T. Jones violated Rule 30(a) of Regulation S-P under the Securities Act of 1933. In the settlement, R.T. Jones agreed to cease and desist from future violations of Rule 30(a) as well as pay a $75,000 penalty.
The SEC press release is available at: http://www.sec.gov/news/pressrelease/2015-202.html.