Store the information, encrypted, in a database (where "database" might be as simple as a series of encrypted files in a directory, depending on your needs). Provide a passworded, HTTPS interface to the database so that employees can process and delete the information. Feel free to email them notifications that new orders have arrived. Feel free to email statistics that do not include sensitive information to an onsite database.
That will make you about as secure as 95% of small businesses who process their own CC info coming in via a website.
Incorrect and irrelevant all at the same time. If you've got a hacker who can log all the packets for your server, you better get that looked at real quick :-)