Just days after the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued its second round of cybersecurity guidance for its upcoming examinations of registered investment advisers and broker-dealers, the SEC settled an administrative proceeding on cybersecurity issues arising out of a breach at a registered investment adviser, R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”). As a result of the settlement, R.T. Jones was censured and fined $75,000. On the heels of the recent OCIE guidance and following a year of major cybersecurity breaches (especially at financial institutions), this proceeding is instructive on a number of points, especially on the question “What happens when you don’t adopt policies and procedures to safeguard client data?”