Morgan Stanley Smith Barney may have escaped charges under Section 5 of the Federal Trade Commission Act, but it has agreed to pay $1 million to settle charges that it violated the Safeguards Rule. The settlement stems from allegations that an employee transferred data containing personally identifiable information of 730,000 customers to his personal server. That data later appeared on multiple internet sites. There was no harm alleged, and this settlement, coupled with the R.T. Jones and Craig Scott Capital actions, may show that the SEC is picking up enforcement of the Safeguards Rule. This article, with insight from Debevoise partner Jeremy Feigelson, analyzes the settlement and its implications for hedge fund managers and other investment advisers. See also “Practical Steps That Commodity-Focused Hedge Fund Managers Can Take to Combat Cybersecurity Threats” (Mar. 10, 2016).