The SEC requires advice firms to have reasonable safeguards to secure clients’ private data, Brian Hamburger, chief executive of compliance consulting firm MarketCounsel, tells Vonnegut. But there’s no definition of what those safeguards are supposed to be, according to Hamburger. At the same time, state regulations on cybersecurity measures vary, Vonnegut writes. That means advisors who suffer a data breach may have to tell their clients in one state something different than what they tell their clients in another state, he writes. Nonetheless the SEC, FINRA and state regulators have gone after wealth management firms for data breaches, Hamburger tells Vonnegut.